diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a3bcd94..5792ed9 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,5 +1,10 @@ --- +# Any ignore directives should be uncommented in downstream projects to disable +# Dependabot updates for the given dependency. Downstream projects will get +# these updates when the pull request(s) in the appropriate skeleton are merged +# and Lineage processes these changes. + version: 2 updates: - package-ecosystem: "github-actions" diff --git a/.github/workflows/update_software_list.yml b/.github/workflows/update_software_list.yml index 9292a44..d6cec03 100644 --- a/.github/workflows/update_software_list.yml +++ b/.github/workflows/update_software_list.yml @@ -68,6 +68,12 @@ jobs: run: pip install --upgrade --requirement config/requirements.txt - name: Create the branch for test validation run: git switch --create ${{ needs.setup.outputs.testing_branch }} + - name: Normalize individual cisagov_*.yml files + run: | + for file in data/cisagov_*yml; do \ + normalize-yml --cisagov-format "$file" > "$file".tmp; \ + mv --force "$file".tmp "$file"; \ + done - name: Update the comprehensive cisagov YAML file run: normalize-yml --cisagov-format data/cisagov_*.yml > data/cisagov.yml - name: Generate a normalized YAML file from all source YAML files @@ -84,7 +90,7 @@ jobs: commit_user_name: ${{ needs.setup.outputs.git_user }} commit_user_email: ${{ needs.setup.outputs.git_email }} commit_author: ${{ needs.setup.outputs.git_author }} - file_pattern: SOFTWARE-LIST.md data/cisagov.yml + file_pattern: SOFTWARE-LIST.md data/cisagov*.yml merge_list_update: runs-on: ubuntu-latest needs: diff --git a/.mdl_config.yaml b/.mdl_config.yaml index b36f943..4a650c1 100644 --- a/.mdl_config.yaml +++ b/.mdl_config.yaml @@ -44,7 +44,17 @@ MD035: # Enforce dashes for horizontal rules style: "---" -# MD046/code-block-style Code block style +# MD046/code-block-style - Code block style MD046: # Enforce the fenced style for code blocks style: "fenced" + +# MD049/emphasis-style - Emphasis style should be consistent +MD049: + # Enforce asterisks as the style to use for emphasis + style: "asterisk" + +# MD050/strong-style - Strong style should be consistent +MD050: + # Enforce asterisks as the style to use for strong + style: "asterisk" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 352bbd2..7a2ca6a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -31,7 +31,7 @@ repos: # Text file hooks - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.30.0 + rev: v0.31.1 hooks: - id: markdownlint args: diff --git a/.yamllint b/.yamllint index 67b64cd..aaadb25 100644 --- a/.yamllint +++ b/.yamllint @@ -2,6 +2,12 @@ extends: default rules: + # yamllint does not like it when you comment out different parts of + # dictionaries in a list. You can see + # https://github.com/adrienverge/yamllint/issues/384 for some examples of + # this behavior. + comments-indentation: disable + # yamllint doesn't like when we use yes and no for true and false, # but that's pretty standard in Ansible. truthy: disable diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 3cc682e..3e5dfc1 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -12,10 +12,11 @@ ## Software List ## -This list was initially populated using information from the following sources: +This list has been populated using information from the following sources: - Kevin Beaumont - SwitHak +- National Cyber Security Centre - Netherlands (NCSC-NL) NOTE: This file is automatically generated. To submit updates, please refer to [`CONTRIBUTING.md`](CONTRIBUTING.md). @@ -27,106 +28,247 @@ NOTE: This file is automatically generated. To submit updates, please refer to | 3CX | | | | Unknown | [link](https://www.3cx.com/community/threads/log4j-vulnerability-cve-2021-44228.86436/#post-407911) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | 3M Health Information Systems | CGS | | | Unknown | [link](https://support.3mhis.com/app/account/updates/ri/5210) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | 7-Zip | | | | Unknown | [link](https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ABB | | | | Unknown | [link](https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ABB | ABB Remote Service | ABB Remote Platform (RAP) | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ABB | AlarmInsight Cloud | AlarmInsight KPI Dashboards 1.0.0 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ABB | B&R Products | See Vendor Advisory | | Affected | [link](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Abbott | | | | Unknown | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Abnormal Security | Abnormal Security | | | Unknown | [link](https://abnormalsecurity.com/blog/attackers-use-email-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Accellence | | | | Unknown | [link](https://www.accellence.de/en/articles/national-vulnerability-database-62) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Accellion | Kiteworks | | v7.6 release | Fixed | [link](https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/) | "As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” to disable the possible attack vector on both CentOS 6 and CentOS 7." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Acquia | | | | Unknown | [link](https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Acronis | | | | Unknown | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ActiveState | | | | Unknown | [link](https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Adaptec | | | | Unknown | [link](https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Addigy | | | | Unknown | [link](https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Adeptia | | | | Unknown | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Adobe ColdFusion | | | | Unknown | [link](https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ADP | | | | Unknown | [link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Advanced Systems Concepts (formally Jscape) | Active MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Advanced Systems Concepts (formally Jscape) | MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Advanced Systems Concepts (formally Jscape) | MFT Gateway | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Advanced Systems Concepts (formally Jscape) | MFT Server | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| AFAS Software | | | | Unknown | [link](https://help.afas.nl/vraagantwoord/NL/SE/120439.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| 7Signal | Sapphire | | | Fixed | [link](https://www.7signal.com/info/se-release-notes) | Fix released 2021-12-14 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| ABB | AlarmInsight Cloud | | | Not Affected | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ABB | B&R Products | | | Not Affected | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ABB | Remote Service | | | Fixed | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Abbott | All | | | Unknown | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | Details are shared with customers with an active RAP subscription. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Abbott | GLP Track System | Track Sample Manager (TSM), Track Workflow Manager (TWM) | | Affected | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | Abbott will provide a fix for this in a future update expected in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Abnormal Security | All | | | Not Affected | [link](https://abnormalsecurity.com/blog/attackers-use-email-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accellence Technologies | EBÜS | | All | Fixed | [link](https://www.accellence.de/en/articles/cve-2021-44228-62) | EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several 3rd-party software setups, which may be affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accellence Technologies | Vimacc | | | Not Affected | [link](https://www.accellence.de/en/articles/cve-2021-44228-62) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accellion | Kiteworks | | v7.6 release | Fixed | [link](https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/) | As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" to disable the possible attack vector on both CentOS 6 and CentOS 7. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Accruent | Analytics | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Asset Enterprise | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | BigCenter | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | EMS | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Evoco | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Expesite | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Famis 360 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Lucernex | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Maintenance Connection | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Meridian | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Single Sign On (SSO, Central Auth) | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | SiteFM3 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | SiteFM4 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Siterra | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | TMS | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxField | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxMaintain | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxObserve | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxSustain | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acquia | All | | | Unknown | [link](https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Backup | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Backup | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Files | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Infrastructure | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Protect | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Protection Home Office | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | DeviceLock DLP | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Files Connect | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | MassTransit | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Snap Deploy | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ActiveState | All | | | Unknown | [link](https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | 360 | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | Agents | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | Application | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST - ASP.NET | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST - NodeJS | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST - PHP | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST-Java | | All | Fixed | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | AcuSensor IAST module needs attention. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adaptec | All | | | Unknown | [link](https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Addigy | All | | | Unknown | [link](https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adeptia | Connect | | 3.3, 3.4, 3.5 | Fixed | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adeptia | Suite | | 6.9.9, 6.9.10, 6.9.11 | Fixed | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Automated Forms Conversion Service | | | Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | ColdFusion | | | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.3 Forms on JEE | | All versions from 6.3 GA to 6.3.3 | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.4 Forms Designer | | | Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.4 Forms on JEE | | All versions from 6.4 GA to 6.4.8 | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.5 Forms Designer | | | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.5 Forms on JEE | | All versions from 6.5 GA to 6.5.11 | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager Forms on OSGi | | | Not Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager Forms Workbench | | | Not Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ADP | All | | | Unknown | [link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Advanced Micro Devices (AMD) | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Advanced Systems Concepts (formally Jscape) | Active MFT | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Advanced Systems Concepts (formally Jscape) | MFT | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Advanced Systems Concepts (formally Jscape) | MFT Gateway | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Advanced Systems Concepts (formally Jscape) | MFT Server | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | AFHCAN Global LLC | AFHCANcart | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANmobile | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANServer | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANsuite | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANupdate | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANweb | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Agilysys | | | | Unknown | [link](https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Akamai | SIEM Splunk Connector | All | | Affected | [link](https://splunkbase.splunk.com/app/4310/) | v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Alcatel | | | | Unknown | [link](https://dokuwiki.alu4u.com/doku.php?id=log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alertus | | | | Unknown | [link](https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alexion | | | | Unknown | [link](https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alfresco | | | | Unknown | [link](https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AlienVault | | | | Unknown | [link](https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alphatron Medical | | | | Unknown | [link](https://www.alphatronmedical.com/home.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | Athena | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS | | | Not Affected | | Notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Amazon | AWS API Gateway | | All | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Amazon | AWS CloudHSM | < 3.4.1. | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS Connect | | All | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | -| Amazon | AWS DynamoDB | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS EKS, ECS, Fargate | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache “Log4j2" utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Amazon | AWS ElastiCache | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS ELB | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Amazon | AWS Inspector | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS Kinesis Data Stream | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Amazon | AWS Lambda | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS Lambda | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS RDS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS S3 | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Amazon | AWS SNS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate separately from SNS’s systems that serve customer traffic | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Amazon | AWS SQS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Amazon | CloudFront | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | CloudWatch | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | EC2 | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Amazon | ELB | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | KMS | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | OpenSearch | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | RDS | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | Route 53 | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | S3 | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | Translate | | | Unknown | [link](https://aws.amazon.com/translate/) | Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | VPC | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AMD | All | | | Unknown | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | Currently, no AMD products have been identified as affected. AMD is continuing its analysis. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Anaconda | Anaconda | | | Not Affected | [link](https://docs.conda.io/projects/conda/en/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Agilysys | All | | | Unknown | [link](https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ahsay | Mobile | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ahsay | Other products | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ahsay | PRD | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AIL | All | | | Not Affected | [link](https://twitter.com/ail_project/status/1470373644279119875) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Akamai | Enterprise Application Access (EAA) Connector | | | Not Affected | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Akamai | SIEM Integration Connector | | <1.7.4 | Fixed | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Akamai | SIEM Splunk Connector | | < 1.4.10 | Fixed | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. Although it includes the vulnerable Log4J component, it is not used by the connector. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Alcatel | All | | | Unknown | [link](https://dokuwiki.alu4u.com/doku.php?id=log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alertus | Console | | 5.15.0 | Fixed | [link](https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alexion | Alexion CRM | | | Not Affected | [link](https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alfresco | Alfresco | | | Not Affected | [link](https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AlienVault | All | | | Unknown | [link](https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | AmiSconnect | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | Custo Diagnostics | 5.4, 5.6 | | Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | JiveX | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | Zorgbericht | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AMS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Work in progress, portion of customers may still be vulnerable. Actively monitoring this issue, and are working on addressing it for any AMS services which use Log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | API Gateway | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | Athena | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | Athena JDBC Driver | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | All versions vended to customers were not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS AppFlow | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS AppSync | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS Certificate Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS Certificate Manager Private CA | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS CloudHSM | | < 3.4.1 | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS CodeBuild | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS CodePipeline | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS Connect | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Amazon | AWS Directory Service | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Amazon | AWS DynamoDB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS ECS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS EKS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Elastic Beanstalk | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Default configuration of applications usage of Log4j versions is not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS ElastiCache | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS ELB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Fargate | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available as platform versions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Glue | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Greengrass | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, an update for the Stream Manager feature is included in Greengrass patch versions 1.10.5 and 1.11.5. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Inspector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS IoT SiteWise Edge | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS Kinesis Data Streams | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS KMS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS Lambda | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Vulnerable when using aws-lambda-java-log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS Polly | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS QuickSight | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS RDS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS S3 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS SDK | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS Secrets Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS Service Catalog | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS SNS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate separately from SNS’s systems that serve customer traffic. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS SQS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS Systems Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS Systems Manager Agent | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS Textract | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | Chime | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon Chime and Chime SDK services have been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Cloud Directory | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | CloudFront | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | CloudWatch | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Cognito | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Corretto | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | 10/19 release distribution does not include Log4j. Vulnerable only if customers applications use affected versions of Apache Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | DocumentDB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | EC2 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | ECR Public | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon-owned images published under a Verified Account on Amazon ECR Public are not affected by the Log4j issue. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | Elastic Load Balancing | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Services have been updated. All Elastic Load Balancers, as well as Classic, Application, Network and Gateway, are not affected by this Log4j issue. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | EMR | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Many customers are estimated to be vulnerable. Vulnerable only if affected EMR releases are used and untrusted sources are configured to be processed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | EventBridge | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Fraud Detector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Inspector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Inspector Classic | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kafka (MSK) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Applying updates as required, portion of customers may still be vulnerable. Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kendra | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Keyspaces (for Apache Cassandra) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kinesis | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kinesis Data Analytics | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Lake Formation | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Update in progress, portion of customers may still be vulnerable. AWS Lake Formation service hosts are being updated to the latest version of Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Lex | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Linux (AL1) | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM layer issue is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Linux (AL2) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | By default not vulnerable, and a new version of Amazon Kinesis Agent which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j issue in JVM layer is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Lookout for Equipment | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Macie | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Macie Classic | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Managed Workflows for Apache Airflow (MWAA) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | MemoryDB for Redis | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Monitron | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | MQ | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Neptune | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | NICE | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Recommended to update EnginFrame or Log4j library. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | OpenSearch | | R20211203-P2 | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Update released, customers need to update their clusters to the fixed release. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Pinpoint | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | RDS Aurora | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | RDS for Oracle | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Redshift | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Rekognition | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Route 53 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | SageMaker | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable only if customers applications use affected versions of Apache Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Simple Notification Service (SNS) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Systems that serve customer traffic are patched against the Log4j2 issue. Working to apply the patch to sub-systems that operate separately from SNSs systems that serve customer traffic. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Simple Queue Service (SQS) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Simple Workflow Service (SWF) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Single Sign-On | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Step Functions | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Timestream | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Translate | | | Not Affected | [link](https://aws.amazon.com/translate/) | Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | VPC | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | WorkSpaces/AppStream 2.0 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Not affected with default configurations. WorkDocs Sync client versions 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, are vulnerable; For update instruction, see source for more info. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AMD | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | Currently, no AMD products have been identified as affected. AMD is continuing its analysis. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Anaconda | All | | | Not Affected | [link](https://docs.conda.io/projects/conda/en/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| AOMEI | All | | | Not Affected | [link](https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Apache | ActiveMQ Artemis | | | Not Affected | [link](https://activemq.apache.org/news/cve-2021-44228) | ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) for more information on that task. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Apache | Airflow | | | Unknown | [link](https://github.com/apache/airflow/tree/main/airflow) | Airflow is written in Python | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apache | Camel | 3.14.1.3.11.5, 3.7.7 | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel 2 | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Airflow | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Airflow is written in Python | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Archiva | | 2.2.6 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 2.2.6. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Camel | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel 2 | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Apache | Camel JBang | <=3.1.4 | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel K | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel Karaf | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel Quarkus | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | CamelKafka Connector | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Druid | < druid 0.22.0 | | Affected | [link](https://github.com/apache/druid/releases/tag/druid-0.22.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| Apache | Flink | | < 1.14.2, 1.13.5, 1.12.7, 1.11.6 | Fixed | [link](https://flink.apache.org/2021/12/10/log4j-cve.html) | To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. | [https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| Apache | Kafka | | | Not Affected | [link](https://kafka.apache.org/cve-list) | The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, not v2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Apache | Kafka | Unknown | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | Only vulnerable in certain configuration(s) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apache | Log4j | < 2.15.0 | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apache | Solr | | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fixed | [link](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) | Update to 8.11.1 or apply fixes as described in Solr security advisory | [Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Apache | Struts 2 | Versions before 2.5.28.1 | | Affected | [link](https://struts.apache.org/announce-2021) | The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a “General Availability” release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). | [Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Apache | Tomcat | 9.0.x | | Affected | [link](https://tomcat.apache.org/security-9.html) | Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Apache | Camel K | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel Kafka Connector | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel Karaf | | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel Quarkus | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Cassandra | | | Not Affected | [link](https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Druid | | 0.22.1 | Fixed | [link](https://github.com/apache/druid/releases/tag/druid-0.22.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| Apache | Dubbo | | All | Fixed | [link](https://github.com/apache/dubbo/issues/9380) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| Apache | Flink | | 1.15.0, 1.14.2, 1.13.5, 1.12.7, 1.11.6 | Fixed | [link](https://flink.apache.org/2021/12/10/log4j-cve.html) | To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. | [https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| Apache | Fortress | | < 2.0.7 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 2.0.7. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Geode | | 1.14.0 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.12.6, 1.13.5, 1.14.1. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Guacamole | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Hadoop | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | HBase | | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Hive | | 4.x | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | James | 3.6.0 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Jena | | < 4.3.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | JMeter | All | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | JSPWiki | | 2.11.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Kafka | | | Not Affected | [link](https://kafka.apache.org/cve-list) | Uses Log4j 1.2.17. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Log4j 1.x | | | Not Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Log4j 2.x | 2.17.1 | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Maven | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | NiFi | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.15.1, 1.16.0. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | OFBiz | | < 18.12.03 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Ozone | | < 1.2.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.15.1, 1.16.0. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | SkyWalking | | < 8.9.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | SOLR | | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fixed | [link](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) | Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations. | [Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Apache | Spark | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Uses log4j 1.x | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Struts | 2.5.28 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Struts 2 | | Versions before 2.5.28.1 | Fixed | [link](https://struts.apache.org/announce-2021) | The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a General Availability release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). | [Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Apache | Tapestry | 5.7.3 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Tika | 2.0.0 and up | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Tomcat | | | Unknown | [link](https://tomcat.apache.org/security-9.html) | Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Apache | TrafficControl | | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | ZooKeeper | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | APC by Schneider Electric | Powerchute Business Edition | | v9.5, v10.0.1, v10.0.2, v10.0.3, v10.0.4 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | APC by Schneider Electric | Powerchute Network Shutdown | | 4.2, 4.3, 4.4, 4.4.1 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Apereo | CAS | 6.3.x & 6.4.x | | Affected | [link](https://apereo.github.io/2021/12/11/log4j-vuln/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apereo | Opencast | < 9.10, < 10.6 | | Affected | [link](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apigee | | | | Unknown | [link](https://status.apigee.com/incidents/3cgzb0q2r10p) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apollo | | | | Unknown | [link](https://community.apollographql.com/t/log4j-vulnerability/2214) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Appdynamics | | | | Unknown | [link](https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| AppGate | | | | Unknown | [link](https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apereo | CAS | | 6.3.x, 6.4.x | Fixed | [link](https://apereo.github.io/2021/12/11/log4j-vuln/) | Other versions still in active maintainance might need manual inspection. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apereo | Opencast | | < 9.10, < 10.6 | Fixed | [link](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apigee | Edge and OPDK products | | | Not Affected | [link](https://status.apigee.com/incidents/3cgzb0q2r10p) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apollo | All | | | Unknown | [link](https://community.apollographql.com/t/log4j-vulnerability/2214) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Appdynamics | All | | | Unknown | [link](https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | | Affected | [link](https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| AppGate | All | | | Unknown | [link](https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Appian | Appian Platform | | All | Fixed | [link](https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Application Performance Ltd | DBMarlin | Not Affected | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Application Performance Ltd | DBMarlin | | | Unknown | [link](https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| APPSHEET | | | | Unknown | [link](https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Aptible | Aptible | ElasticSearch 5.x | | Affected | [link](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Aqua Security | | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Arbiter Systems | All | | | Unknown | [link](https://www.arbiter.com/news/index.php?id=4403) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| APPSHEET | All | | | Unknown | [link](https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aptible | All | | Search 5.x | Fixed | [link](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aqua Security | All | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arbiter Systems | All | | | Not Affected | [link](https://www.arbiter.com/news/index.php?id=4403) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | ARC Informatique | All | | | Not Affected | [link](https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | -| Arca Noae | | | | Unknown | [link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arca Noae | All | | | Unknown | [link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arcserve | Arcserve Backup | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Arcserve Continuous Availability | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Arcserve Email Archiving | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | @@ -135,77 +277,123 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Arcserve | ShadowXafe | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Solo | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | StorageCraft OneXafe | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| ArcticWolf | | | | Unknown | [link](https://arcticwolf.com/resources/blog/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Arduino | | | | Unknown | [link](https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ariba | | | | Unknown | [link](https://connectsupport.ariba.com/sites#announcements-display&/Event/908469) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Arista | | | | Unknown | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Aruba Networks | | | | Unknown | [link](https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ataccama | | | | Unknown | [link](https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atera | | | | Unknown | [link](https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Bamboo Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Bitbucket Server & Data Center | All | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Confluence Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Crowd Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Crucible | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Fisheye | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Jira Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Attivo networks | | | | Unknown | [link](https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ArcticWolf | All | | | Unknown | [link](https://arcticwolf.com/resources/blog/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arduino | IDE | | 1.8.17 | Fixed | [link](https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ariba | All | | | Unknown | [link](https://connectsupport.ariba.com/sites#announcements-display&/Event/908469) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | Analytics Node for Converged Cloud Fabric | >7.0.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Cloud Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | Analytics Node for DANZ Monitoring Fabric | >7.0.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Monitoring Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | CloudVision Portal | >2019.1.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | CloudVision Wi-Fi, virtual or physical appliance | >8.8 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | Embedded Analytics for Converged Cloud Fabric | >5.3.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Cloud Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | AirWave Management Platform | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Analytics and Location Engine | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS SD-WAN Gateways | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS Wi-Fi Controllers and Gateways | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS-CX Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS-S Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Central | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Central On-Prem | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ClearPass Policy Manager | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | EdgeConnect | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Fabric Composer (AFC) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | HP ProCurve Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Instant | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Instant Access Points | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Instant On | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | IntroSpect | | Versions 2.5.0.0 to 2.5.0.6 | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy GMS Products | | | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy NX | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy VRX | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy VX | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | NetEdit | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Plexxi Composable Fabric Manager (CFM) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Silver Peak Orchestrator | | | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | User Experience Insight (UXI) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | VIA Clients | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ataccama | All | | | Unknown | [link](https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atera | All | | | Unknown | [link](https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Bamboo Server & Data Center | On Prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | Only vulnerable when using non-default config, cloud version fixed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Bitbucket Server & Data Center | | On prem | Fixed | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | Only vulnerable when using non-default config, cloud version fixed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS CSAT Pro | v1.7.1 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS WorkBench | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Lite | v4.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable | v3.0.77 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Assessor v4 | v4.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Assessor v4 Service | v1.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Dashboard | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-Hosted CSAT | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Crowd Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Crucible | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Fisheye | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Jira Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Attivo Networks | All | | | Unknown | [link](https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Atvise | All | | | Not Affected | [link](https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen) | The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | -| AudioCodes | | | | Unknown | [link](https://services.audiocodes.com/app/answers/kbdetail/a_id/2225) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Autodesk | | | | Unknown | [link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Automox | | | | Unknown | [link](https://blog.automox.com/log4j-critical-vulnerability-scores-a-10) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Autopsy | | | | Unknown | [link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Auvik | | | | Unknown | [link](https://status.auvik.com/incidents/58bfngkz69mj) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Avantra SYSLINK | | | | Unknown | [link](https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AudioCodes | All | | | Unknown | [link](https://services.audiocodes.com/app/answers/kbdetail/a_id/2225) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Autodesk | All | | | Unknown | [link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Automation Anywhere | Automation 360 Cloud | | | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Automation Anywhere | Automation 360 On Premise | | | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Automation Anywhere | Automation Anywhere | | 11.x, <11.3x | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Automox | All | | | Unknown | [link](https://blog.automox.com/log4j-critical-vulnerability-scores-a-10) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Autopsy | All | | | Unknown | [link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Auvik | All | | | Unknown | [link](https://status.auvik.com/incidents/58bfngkz69mj) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Avantra SYSLINK | All | | | Unknown | [link](https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Avaya | Avaya Analytics | 3.5, 3.6, 3.6.1, 3.7, 4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura for OneCloud Private | | | Unknown | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Application Enablement Services | 8.1.3.2, 8.1.3.3, 10.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020551u](https://download.avaya.com/css/public/documents/101079386) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Contact Center | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Device Services | 8, 8.1, 8.1.4, 8.1.5 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Device Services | 8.0.1, 8.0.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Media Server | 8.0.0, 8.0.1, 8.0.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020549u](https://download.avaya.com/css/secure/documents/101079316) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Presence Services | 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Session Manager | 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020550u](https://download.avaya.com/css/public/documents/101079384) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® System Manager | 10.1, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN005565u](https://download.avaya.com/css/secure/documents/101079390) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Web Gateway | 3.11[P], 3.8.1[P], 3.8[P], 3.9.1 [P], 3.9[P] | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Breeze™ | 3.7, 3.8, 3.8.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Application Enablement Services | 8.1.3.2, 8.1.3.3, 10.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020551u](https://download.avaya.com/css/public/documents/101079386) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Contact Center | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Device Services | 8, 8.0.1, 8.0.2, 8.1, 8.1.3, 8.1.4, 8.1.5 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura for OneCloud Private | | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Media Server | 8.0.0, 8.0.1, 8.0.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020549u](https://download.avaya.com/css/secure/documents/101079316) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Presence Services | 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Session Manager | 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020550u](https://download.avaya.com/css/public/documents/101079384) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura System Manager | 10.1, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN005565u](https://download.avaya.com/css/secure/documents/101079390) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Web Gateway | 3.11[P], 3.8.1[P], 3.8[P], 3.9.1[P], 3.9[P] | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Breeze | 3.7, 3.8, 3.8.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Contact Center Select | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya CRM Connector - Connected Desktop | 2.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Device Enablement Service | 3.1.22 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Meetings | 9.1.10, 9.1.11, 9.1.12 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya one cloud private -UCaaS - Mid Market Aura | 1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya OneCloud-Private | 2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya OneCloud-Private-UCaaS - Mid Market Aura | 1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Session Border Controller for Enterprise | 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020554u](https://download.avaya.com/css/public/documents/101079394) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Social Media Hub | | | Unknown | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Social Media Hub | | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Workforce Engagement | 5.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Business Rules Engine | 3.4, 3.5, 3.6, 3.7 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Callback Assist | 5, 5.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Control Manager | 9.0.2, 9.0.2.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Device Enrollment Service | 3.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Equinox™ Conferencing | 9.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Equinox Conferencing | 9.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Interaction Center | 7.3.9 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | IP Office™ Platform | 11.0.4, 11.1, 11.1.1, 11.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | IP Office Platform | 11.0.4, 11.1, 11.1.1, 11.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Proactive Outreach Manager | 3.1.2, 3.1.3, 4, 4.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| AVEPOINT | | | | Unknown | [link](https://www.avepoint.com/company/java-zero-day-vulnerability-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AVM | | | | Unknown | [link](https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AvTech RoomAlert | | | | Unknown | [link](https://avtech.com/articles/23124/java-exploit-room-alert-link/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AWS New | | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AXON | | | | Unknown | [link](https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AXS Guard | | | | Unknown | [link](https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Axways Applications | | | | Unknown | [link](https://support.axway.com/news/1331/lang/en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| B&R Industrial Automation | APROL | | | Unknown | [link](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| BackBox | | | | Unknown | [link](https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Balbix | | | | Unknown | [link](https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Baramundi Products | | | | Unknown | [link](https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Barco | | | | Unknown | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Barracuda | | | | Unknown | [link](https://www.barracuda.com/company/legal/trust-center) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Baxter | | | | Unknown | [link](https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | APEX® Compounder | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Outlook® Safety Infusion System Pump family | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Pinnacle® Compounder | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Pump, SpaceStation, and Space® Wireless Battery) | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| AVEPOINT | All | | | Unknown | [link](https://www.avepoint.com/company/java-zero-day-vulnerability-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AVM | All | | | Not Affected | [link](https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C) | devices, firmware, software incl. MyFritz Service. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AvTech RoomAlert | All | | | Unknown | [link](https://avtech.com/articles/23124/java-exploit-room-alert-link/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AXIS | OS | | | Not Affected | [link](https://help.axis.com/axis-os) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AXON | All | | | Unknown | [link](https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AXS Guard | All | | | Unknown | [link](https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Axways Applications | All | | | Unknown | [link](https://support.axway.com/news/1331/lang/en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| B&R Industrial Automation | APROL | | | Not Affected | [link](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Backblaze | Cloud | | | Fixed | [link](https://help.backblaze.com/hc/en-us/articles/4412580603419) | Cloud service patched. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BackBox | All | | | Unknown | [link](https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Balbix | All | | | Unknown | [link](https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Baramundi Products | All | | | Unknown | [link](https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barco | Demetra | | | Not Affected | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barco | Demetra | | | Not Affected | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barco | Green Barco Wall Control Manager (gBCM) | | | Not Affected | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barco | MediCal QAWeb | | | Not Affected | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barco | NexxisOR | | | Not Affected | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barco | OpSpace | | 1.8 - 1.9.4.1 | Fixed | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barco | Transform N (TFN) | | | Not Affected | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barracuda | All | | | Unknown | [link](https://www.barracuda.com/company/legal/trust-center) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Basis Technology | Autopsy | | 4.18.0 onwards | Fixed | [link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | version 4.18.0 onwards use Apache Solr 8. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Baxter | All | | | Unknown | [link](https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BBraun | APEX® Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software | | All | Fixed | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Outlook® Safety Infusion System Pump family | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Pinnacle® Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Pump, SpaceStation, and Space® Wireless Battery) | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | | BD | Arctic Sun™ Analytics | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Diabetes Care App Cloud | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD HealthSight™ Clinical Advisor | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | @@ -219,7 +407,75 @@ NOTE: This file is automatically generated. To submit updates, please refer to | BD | BD Knowledge Portal for Medication Technologies | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Synapsys™ Informatics Solution | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Veritor™ COVID At Home Solution Cloud | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Beckman Coulter | | | | Unknown | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Beckman Coulter | Access 2 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ac•T 5diff (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ac•T Family (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU2700 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU480 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU5400 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU5800 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU640 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU680 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 1200 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 1250 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 2500 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 2550 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxA 5000 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxA 5000 Fit (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 500 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 520 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 560 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 600 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 690T (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 800 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 900 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH SMS (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH SMS II (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM Autoplak (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM WalkAway 1040 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM WalkAway 1096 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Command Central (Information Systems) | | All | Fixed | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | Customers can follow instructions to remove log4j | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Insights (Information Systems) | | | Fixed | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | Patch has been applied. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Inventory Manager (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Workflow Manager (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxU Workcell (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxUc (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxUm (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HighFlexX Software (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HmX (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HmX AL (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iChemVELOCITY (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | IMMAGE 800 (Nephelometry) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Intelligent Sample Banking ISB (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ipaw (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iQ Workcell (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iQ200 (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iRICELL (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LabPro Workstation and Database Computers Provided by Beckman Coulter (Microbiology) | All | | Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | The only known instance of vulnerability due to Log4J is using Axeda services | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH 500 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH Slidemaker (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH Slidestraine (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH750 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH780 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH785 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | MicroScan autoSCAN-4 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PK7300 (Blood Bank) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PK7400 (Blood Bank) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Express (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Link (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Processor (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PROService (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | RAP Box (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | REMISOL ADVANCE (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Sorting Drive (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxC 600 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxC 800 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxI 600 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxI 800 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 40 plus (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 40 SI (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 96 plus (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 96 SI (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | | Beijer Electronics | acirro+ | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Beijer Electronics | BFI frequency inverters | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Beijer Electronics | BSD servo drives | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | @@ -231,10 +487,10 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Beijer Electronics | WARP Engineering Studio | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Bender | | | | Unknown | [link](https://www.bender.de/en/cert) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Best Practical Request Tracker (RT) and Request Tracker for Incident Response (RTIR) | | | | Unknown | [link](https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BeyondTrust Bomgar | | | | Unknown | [link](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | BeyondTrust | Privilege Management Cloud | | Unknown | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | BeyondTrust | Privilege Management Reporting in BeyondInsight | | 21.2 | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | BeyondTrust | Secure Remote Access appliances | | | Not Affected | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| BeyondTrust Bomgar | | | | Unknown | [link](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | BioMerieux | | | | Unknown | [link](https://www.biomerieux.com/en/cybersecurity-data-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | BisectHosting | | | | Unknown | [link](https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | BitDefender | | | | Unknown | [link](https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -344,14 +600,16 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Campbell Scientific | All | | | Unknown | [link](https://s.campbellsci.com/documents/us/miscellaneous/log4j2-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | | Camunda | | | | Unknown | [link](https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Canary Labs | All | | | Unknown | [link](https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Alphenix (Angio Workstation) | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | CT Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Infinix-i (Angio Workstation) | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | MR Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | NM Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | UL Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Vitrea Advanced 7.x | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | XR Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Canon | Canon DR Products CXDI_NE) | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | Such as Omnera, FlexPro, Soltus | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | CT Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | Eye-Care Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | MR Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | NM Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | UL Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | Vitrea Advanced 7.x | All | | Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | VL Alphenix Angio Workstation (AWS) | All | | Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | VL Infinix-i Angio Workstation (AWS) | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | XR Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | CapStorm | Copystorm | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | CarbonBlack | | | | Unknown | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Carestream | | | | Unknown | [link](https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | @@ -495,18 +753,18 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Cisco | duo network gateway (on-prem/self-hosted) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cisco | Exony Virtualized Interaction Manager (VIM) | | | Unknown | [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cisco | Managed Services Accelerator (MSX) Network Access Control Service | | | Unknown | [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Citrix | Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Application Delivery Management (NetScaler MAS) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Cloud Connector | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Connector Appliance for Cloud Services | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Content Collaboration (ShareFile Integration) – Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Endpoint Management (Citrix XenMobile Server) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised to apply the latest CEM rolling patch updates listed below as soon as possible to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). Note: Customers who have upgraded their XenMobile Server to the updated versions are recommended not to apply the responder policy mentioned in the blog listed below to the Citrix ADC vserver in front of the XenMobile Server as it may impact the enrollment of Android devices. For CVE-2021-45105: Investigation in progress. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Hypervisor (XenServer) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix License Server | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix SD-WAN | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Virtual Apps and Desktops (XenApp & XenDesktop) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: Customers are advised to apply the latest update as soon as possible to reduce the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for additional mitigations. For CVE-2021-45105: Investigation has shown that Linux VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: Linux VDA LTSR all versions; All other CVAD components. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Workspace App | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | ShareFile Storage Zones Controller | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Application Delivery Management (NetScaler MAS) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Cloud Connector | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Connector Appliance for Cloud Services | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Content Collaboration (ShareFile Integration)–Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Endpoint Management (Citrix XenMobile Server) | | 10.14 RP2, 10.13 RP5, 10.12 RP10 | Fixed | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Hypervisor (XenServer) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix License Server | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix SD-WAN | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Virtual Apps and Desktops (XenApp & XenDesktop) | | Linux Virtual Delivery Agent 2112 | Fixed | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Workspace App | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | ShareFile Storage Zones Controller | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Claris | | | | Unknown | [link](https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cloudera | AM2CM Tool | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cloudera | Ambari | Only versions 2.x, 1.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -558,7 +816,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Cloudron | | | | Unknown | [link](https://forum.cloudron.io/topic/6153/log4j-and-log4j2-library-vulnerability?lang=en-US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Clover | | | | Unknown | [link](https://community.clover.com/articles/35868/apache-log4j-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Code42 | Code42 App | | 8.8.1 | Fixed | [link](https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Code42 | Crashplan | | 8.8, possibly prior versions | Fixed | [link](https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates) | I think, they don't specify in the notice, but we know that they released an updated Crashplan client. Possibly prior versions affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Code42 | Crashplan | | All | Fixed | [link](https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates) | The CrashPlan app is EOL and is now called Code42. If you detect CrashPlan installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer. | [https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | CodeBeamer | | | | Unknown | [link](https://codebeamer.com/cb/wiki/19872365) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Codesys | | | | Unknown | [link](https://www.codesys.com/news-events/news/article/log4j-not-used-in-codesys.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cohesity | | | | Unknown | [link](https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -591,12 +849,12 @@ NOTE: This file is automatically generated. To submit updates, please refer to | CyberRes | | | | Unknown | [link](https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Daktronics | All Sport Pro | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Dakronics Media Player | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | -| Daktronics | Dakronics Web Player | DWP-1000 | | Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DWP-1000: Not present in our codebase, but awaiting confirmation from LG re: webOS platform. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | +| Daktronics | Dakronics Web Player | DWP-1000 | | Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DWP-1000 is not present in our codebase, but awaiting confirmation from LG re webOS platform. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Data Vision Software (DVS) | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DVS has one microservice that uses Log4j, but it uses a version that is not impacted. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Dynamic Messaging System (DMS) | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Dynamic Messaging System - DMS Core Player | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Dynamic Messaging System - DMS Player hardware | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | -| Daktronics | Dynamic Messaging System - DMS Web Player | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DMS Web Player: Not present in our codebase, but awaiting confirmation from LG re: webOS platform. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | +| Daktronics | Dynamic Messaging System - DMS Web Player | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DMS Web Player not present in our codebase, but awaiting confirmation from LG re webOS platform. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | IBoot - Dataprobe IBoot Devices | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Outdoor Smartlink Devices | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Routers - Cisco Meraki Z3/Z3c Routers | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | @@ -608,42 +866,54 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Daktronics | Venus Control Suite (VCS) | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Video Image Processors | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Webcam - Mobotix | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | -| DarkTrace | | | | Unknown | [link](https://customerportal.darktrace.com/inside-the-soc/get-article/201) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Dassault Systèmes | | | | Unknown | [link](https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Databricks | | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Datadog | Datadog Agent | | >=6.17.0, <=6.32.2, >=7.17.0, <=7.32.2 | Fixed | [link](https://www.datadoghq.com/log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Dataminer | | | | Unknown | [link](https://community.dataminer.services/responding-to-log4shell-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| DarkTrace | All | | | Unknown | [link](https://customerportal.darktrace.com/inside-the-soc/get-article/201) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Dassault Systèmes | All | | | Unknown | [link](https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Databricks | All | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Datadog | Datadog Agent | | >=6.17.0, <=6.32.2, >=7.17.0, <=7.32.2 | Fixed | [link](https://www.datadoghq.com/log4j-vulnerability/) | JMX monitoring component leverages an impacted version of log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Datadog | datadog-kafka-connect-logs | | < 1.0.2 | Fixed | [link](https://www.datadoghq.com/log4j-vulnerability/) | Version 1.0.2 of the library uses version 2.16.0 of Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Datadog | datadog-lambda-java | | < 1.0.2 | Fixed | [link](https://www.datadoghq.com/log4j-vulnerability/) | Following AWS recommendation, library updated using the latest version of amazon-lambda-java-log4j2 (1.4.0). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Dataminer | All | | | Unknown | [link](https://community.dataminer.services/responding-to-log4shell-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Datev | | | | Unknown | [link](https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Datto | | | | Unknown | [link](https://www.datto.com/blog/dattos-response-to-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| dCache.org | | | | Unknown | [link](https://www.dcache.org/post/log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Debian | | | | Unknown | [link](https://security-tracker.debian.org/tracker/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Deepinstinct | | | | Unknown | [link](https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Dell | "Dell EMC PowerMax VMAX VMAX3 and VMAX AFA" | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | "Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC" | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Datto | All | | | Unknown | [link](https://www.datto.com/blog/dattos-response-to-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| DBeaver | All | | | Not Affected | [link](https://www.dcache.org/post/log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| dCache.org | All | | | Unknown | [link](https://www.dcache.org/post/log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Debian | Apache-log4j.1.2 | | | Not Affected | [link](https://security-tracker.debian.org/tracker/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Debian | Apache-log4j2 | | | Unknown | [link](https://security-tracker.debian.org/tracker/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Decos | Cloud | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | EvenementenAssistent + InkomensAssistent + Leerlingenvervoer + AIM online | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | Fixi | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | Integrations (StUF/ZGW/Doclogic-DataIntegrator) | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | JOIN Klant Contact | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | JOIN Zaak &I Document (on-premise) | | All | Fixed | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | The solution contains Elasticsearch (vulnerable). Mitigating actions available on our WIKI. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | JOIN Zaak &I Document (on-premise) | | All | Fixed | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | The SaaS hosted solution contains Logstash + Elasticsearch (vulnerable). Mitigating actions taken. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Deepinstinct | All | | | Unknown | [link](https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Dell | Alienware Command Center | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Alienware OC Controls | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Alienware On Screen Display | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Alienware Update | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | APEX Console | | N/A | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patched | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | APEX Data Storage Services | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patch in progress | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | APEX Console | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patched. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | APEX Data Storage Services | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patch in progress. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Atmos | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Azure Stack HCI | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Avamar vproxy | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | CalMAN Powered Calibration Firmware | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | CalMAN Ready for Dell | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Centera | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Chameleon Linux Based Diagnostics | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Chassis Management Controller (CMC) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | China HDD Deluxe | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Cloud IQ | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patched | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Client Platforms (Latitude, OptiPlex, Alienware, Inspiron, Precision, XPS, Vostro, ChengMing) BIOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Cloud IQ | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patched. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Cloud Mobility for Dell EMC Storage | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Cloud Tiering Appliance | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | CloudIQ Collector | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Common Event Enabler | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Connectrix (Cisco MDS 9000 switches) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Connectrix (Cisco MDS DCNM) | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/23/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Connectrix B-Series SANnav | 2.1.1 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 3/31/2022 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Connectrix (Cisco MDS DCNM) | V, e, r, s, i, o, n, s, , p, r, i, o, r, , t, o, , 1, 1, ., 5, (, 1, x, ) | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/23/21. | [DSA-2021-302](https://www.dell.com/support/kbdoc/en-us/000194797/dsa-2021-302-dell-connectrix-mds-dcnm-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Connectrix B-Series SANnav | 2.1.1 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 2/28/2022. | [DSA-2021-266](https://www.dell.com/support/kbdoc/en-us/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Connextrix B Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | CyberSecIQ Application | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | CyberSense for PowerProtect Cyber Recovery | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Data Domain OS | Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-274 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Data Domain OS | Versions from 7.3.0.5 to 7.7.0.6 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-274 | [DSA-2021-274](https://www.dell.com/support/kbdoc/en-us/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell BSAFE Crypto-C Micro Edition | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell BSAFE Crypto-J | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell BSAFE Micro Edition Suite | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -671,65 +941,67 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Dell Display Manager 1.5 for Windows / macOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Display Manager 2.0 for Windows / macOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC AppSync | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Avamar | "18.2 19.1 19.2 19.3 19.4" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC BSN Controller Node | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-305 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Cloud Disaster Recovery | N/A | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Avamar | 18.2, 19.1, 19.2, 19.3, 19.4 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21. | [DSA-2021-277](https://www.dell.com/support/kbdoc/en-us/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC BSN Controller Node | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-305 | [DSA-2021-305](https://www.dell.com/support/kbdoc/en-us/000194631/dsa-2021-305-dell-emc-bsn-controller-node-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Cloud Disaster Recovery | Versions from 19.6 and later | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | [DSA-2021-289](https://www.dell.com/support/kbdoc/en-us/000194663/dsa-2021-289-dell-emc-cloud-disaster-recovery-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Cloudboost | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC CloudLink | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Container Storage Modules | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Data Computing Appliance (DCA) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Data Protection Advisor | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Data Protection Central | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021- 269 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Data Protection Search | Versions before 19.5.0.7 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-279 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Data Protection Advisor | | 18.x (or earlier) -standalone DPA is EOSL, 18.2.x (IDPA), 19.1.x, 19.2.x, 19.3.x, 19.4.x, 19.5.x, 19.6.0 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | [DSA-2021-309](https://www.dell.com/support/kbdoc/en-us/000194651/dsa-2021-309-dell-emc-dpa-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Data Protection Central | | 18.2.x-19.4.x, 19.5.0-19.5.0.7 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-269 | [DSA-2021-269](https://www.dell.com/support/kbdoc/en-us/000194557/dsa-2021-269-dell-emc-data-protection-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Data Protection Search | Versions before 19.6 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-279 | [DSA-2021-279](https://www.dell.com/support/kbdoc/en-us/000194629/dsa-2021-279-dell-emc-data-protection-search-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC DataIQ | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Disk Library for Mainframe | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC ECS | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/18/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Enterprise Storage Analytics for vRealize Operations | "<6.0.0 6.1.0 6.2.x" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-278 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Enterprise Storage Analytics for vRealize Operations | <6.0.0, 6.1.0, 6.2.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-278 | [DSA-2021-278](https://www.dell.com/support/kbdoc/en-us/000194488/dsa-2021-278) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC GeoDrive | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Integrated System for Azure Stack HCI | N/A | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | "Dell EMC Integrated System for Azure Stack HCI is not impacted by this advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect Gateway (SCG) were optionally installed with Dell EMC Integrated System for Azure Stack HCI monitor the following advisories. Apply workaround guidance and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Integrated System for Microsoft Azure Stack Hub | N/A | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Integrated System for Azure Stack HCI | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Dell EMC Integrated System for Azure Stack HCI is not impacted by this advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect Gateway (SCG) were optionally installed with Dell EMC Integrated System for Azure Stack HCI monitor the following advisories. See DSA-2021-307. | [DSA-2021-307](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Integrated System for Microsoft Azure Stack Hub | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 2022-01-31. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Isilon InsightIQ | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC License Manager | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Metro Node | 7.0.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-308 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC NetWorker Server | "19.5.x 19.4.x 19.3.x" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC NetWorker Virtual Edition | "19.5.x 19.4.x 19.3.x" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Metro Node | Versions before 7.0.1 P2 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-308 | [DSA-2021-308](https://www.dell.com/support/kbdoc/en-us/000194630/dsa-2021) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC NetWorker | 19.4.x, 19.5.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | [DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC NetWorker VE | 19.4.x, 19.5.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | [DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Networking Onie | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Networking Virtual Edge Platform with VersaOS | "with Versa Concerto with Versa Analytics with Versa Concero Director" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-304 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Networking Virtual Edge Platform with VersaOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage Ansible Modules | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC OpenManage Enterprise Services | Version 1.2 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | [DSA-2021-276](https://www.dell.com/support/kbdoc/en-us/000194652/dsa-2021-276-dell-emc-openmanage-enterprise-services-security-update-for-apache-log4j-remote-code-execution-vulnerabilities-cve-2021-44228-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage integration for Splunk | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage Integration for VMware vCenter | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage Management pack for vRealize Operations | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge Manager | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerFlex Appliance | "All versions up to Intelligent Catalog 38_356_00_r10.zip All versions up to Intelligent Catalog 38_362_00_r7.zip" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerFlex Rack | N/A | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerFlex Software (SDS) | "3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerFlex Appliance | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-293. | [DSA-2021-293](https://www.dell.com/support/kbdoc/en-us/000194579/dsa-2021-293-dell-powerflex-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerFlex Rack | RCM 3.3 train - all versions up to 3.3.11.0, RCM 3.4 train - all versions up to 3.4.6.0, RCM 3.5 train - all versions up to 3.5.6.0, RCM 3.6 train - all versions up to 3.6.2.0 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-292. | [DSA-2021-292](https://www.dell.com/support/kbdoc/en-us/000194578/dsa-2021-292-dell-powerflex-rack-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerFlex Software (SDS) | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4, 3.6, 3.6.0.1, 3.6.0.2 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-272. | [DSA-2021-272](https://www.dell.com/support/kbdoc/en-us/000194548/dsa-2021-272-dell-powerflex-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerPath | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerPath Management Appliance | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerProtect Cyber Recovery | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerProtect Data Manager | All versions 19.9 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerProtect DP Series Appliance (iDPA) | 2.7.0 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerProtect Data Manager | All versions 19.9 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-286. | [DSA-2021-286](https://www.dell.com/support/kbdoc/en-us/000194549/dsa-2021-286-dell-emc-power-protect-data-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerProtect DP Series Appliance (iDPA) | 2.7.0 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA 2021-285. | [DSA-2021-285](https://www.dell.com/support/kbdoc/en-us/000194532/dsa-2021-285-dell-emc-integrated-data-protection-appliance-powerprotect-dp-series-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerScale OneFS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerShell for PowerMax | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerShell for Powerstore | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerShell for Unity | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerStore | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/23/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerVault MD3 Series Storage Arrays | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerStore | Versions before 2.0.1.3-1538564 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-295. | [DSA-2021-295](https://www.dell.com/support/kbdoc/en-us/000194739/dsa-2021-295-dell-emc-powerstore-family-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerSwitch Z9264F-ON BMC | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerSwitch Z9432F-ON BMC | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerVault ME4 Series Storage Arrays | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC RecoverPoint Classic | All 5.1.x and later versions | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC RecoverPoint for Virtual Machine | All 5.0.x and later versions | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC RecoverPoint | All | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA 2021-284. | [DSA 2021-284](https://www.dell.com/support/kbdoc/en-us/000194531/dsa-2021-284-dell-emc-recoverpoint-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Repository Manager (DRM) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Ruckus SmartZone 100 Controller | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Ruckus SmartZone 300 Controller | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Ruckus Virtual Software | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Ruckus SmartZone 100 Controller | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | [DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Ruckus SmartZone 300 Controller | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | [DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Ruckus Virtual Software | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | [DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC SourceOne | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC SRM vApp | Versions before 4.6.0.2 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 1/25/2022 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Streaming Data Platform | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/18/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC SRM | | Versions before 4.6.0.2 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-301. | [DSA-2021-301](https://www.dell.com/support/kbdoc/en-us/000194613/dsa-2021-301) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Streaming Data Platform | 1.1, 1.2, 1.2 HF1, 1.3, 1.3.1 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-297. | [DSA-2021-297](https://www.dell.com/support/kbdoc/en-us/000194627/dsa-2021-297-dell-emc-streaming-data-platform-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Systems Update (DSU) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Unisphere 360 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Unity | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/29/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Unity | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-294. | [DSA-2021-294](https://www.dell.com/support/kbdoc/en-us/000194826/dsa-2021-294-dell-emc-unity-dell-emc-unityvsa-and-dell-emc-unity-xt-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Virtual Storage Integrator | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC VPLEX | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC VxRail | "4.5.x 4.7.x 7.0.x" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC vProtect | 19.5-19.9 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2022-007. | [DSA-2022-007](https://www.dell.com/support/kbdoc/en-us/000195003/title-dsa-2022-007-dell-emc-vprotect-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC VxRail | 4.5.x, 4.7.x, 7.0.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-265. | [DSA-2021-265](https://www.dell.com/support/kbdoc/en-us/000194466/dsa-2021-265-dell-emc-vxrail-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC XC | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-311. | [DSA-2021-311](https://www.dell.com/support/kbdoc/en-us/000194822/dsa-2021-311-dell-emc-xc-series-and-core-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC XtremIO | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Encryption Enterprise* | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Encryption Personal* | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -738,15 +1010,18 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Dell ImageAssist | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Insights Client | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Linux Assistant | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell Memory Solutions | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Mobile Connect | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Monitor ISP (Windows/Mac/Linux) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Monitor SDK | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Networking X-Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell Open Manage Mobile | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell Open Manage Server Administrator | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell Open Management Enterprise - Modular | <1.40.10 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-268 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell OpenManage Change Management | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell OpenManage Enterprise Power Manager Plugin | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Enterprise | Versions before 3.8.2 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-275 | [DSA-2021-275](https://www.dell.com/support/kbdoc/en-us/000194638/dsa-2021-275-dell-emc-openmanage-enterprise-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Enterprise CloudIQ plugin | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Enterprise Modular | Versions before 1.40.10 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-268 | [DSA-2021-268](https://www.dell.com/support/kbdoc/en-us/000194625/dsa-2021-268-dell-emc-openmanage-enterprise-modular-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Enterprise Power Manager plugin | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Mobile | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Server Administrator | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Optimizer | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell OS Recovery Tool | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Peripheral Manager 1.4 / 1.5 for Windows | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -767,13 +1042,13 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Dell True Color | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Trusted Device | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Update | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | DellEMC OpenManage Enterprise Services | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dream Catcher | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | DUP Creation Service | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | DUP Framework (ISG) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | ECS | | 3.3.x, 3.4.x, 3.5.x, 3.6.0.x, 3.6.1.x, 3.6.2.0 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-273. | [DSA-2021-273](https://www.dell.com/support/kbdoc/en-us/000194612/dsa-2021-273-dell-emc-ecs-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Embedded NAS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Embedded Service Enabler | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Enterprise Hybrid Cloud | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | [link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Enterprise Hybrid Cloud | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-270. | [DSA-2021-270](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Equallogic PS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Fluid FS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | iDRAC Service Module (iSM) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -781,9 +1056,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Integrated Dell Remote Access Controller (iDRAC) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | ISG Accelerators | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | ISG Board & Electrical | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | ISG Drive & Storage Media | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | IsilonSD Management Server | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | IVE-WinDiag | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Mainframe Enablers | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | MDS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | My Dell | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | MyDell Mobile | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | NetWorker Management Console | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -791,7 +1068,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Networking DIAG | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking N-Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking OS 10 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Networking OS9 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Networking OS 9 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking SD-WAN Edge SD-WAN | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking W-Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking X-Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -799,15 +1076,18 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | OMNIA | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Connections - Nagios | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Connections - ServiceNow | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | OpenManage Enterprise | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Integration for Microsoft System Center for System Center Operations Manager | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Integration with Microsoft Windows Admin Center | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Network Integration | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | OpenManage Power Center | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerConnect N3200 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerConnect PC2800 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerConnect PC8100 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | PowerEdge Accelerator Solutions | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerEdge BIOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | PowerEdge Networking Solutions | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerEdge Operating Systems | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | PowerEdge RAID Controller Solutions | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerTools Agent | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PPDM Kubernetes cProxy | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PPDM VMware vProxy | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -817,8 +1097,9 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Rugged Control Center (RCC) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SD ROM Utility | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SDNAS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Secure Connect Gateway (SCG) Appliance | "5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-282 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Secure Connect Gateway (SCG) Policy Manager | "5.00.00.10 5.00.05.10" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-281 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Secure Connect Gateway (SCG) Appliance | "5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-282 | [] | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Secure Connect Gateway (SCG) Appliance | | 5.00.00, 5.00.05, and 4.0.06 and earlier versions (OVF and VHD) | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-282 | [DSA-2021-282](https://www.dell.com/support/kbdoc/en-us/000194624/dsa-2021-282-dell-emc-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Secure Connect Gateway (SCG) Policy Manager | | 5.00.00.10, 5.00.05.10 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-281 | [DSA-2021-281](https://www.dell.com/support/kbdoc/en-us/000194539/dsa-2021-281-dell-emc-policy-manager-for-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Server Storage | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Smart Fabric Storage Software | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SmartByte | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -827,271 +1108,341 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Solutions Enabler | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Solutions Enabler vApp | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Sonic | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | SRS Policy Manager | 7 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | SRS Policy Manager | | 7.0 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-287. | [DSA-2021-287](https://www.dell.com/support/kbdoc/en-us/000194544/dsa-2021-287-dell-emc-srs-policy-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SRS VE | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Storage Center - Dell Storage Manager | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Storage Center - Dell Storage Manager | 16.x, 17.x, 18.x, 19.x, 20.1.1 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-310. | [DSA-2021-310](https://www.dell.com/support/kbdoc/en-us/000194790/dsa-2021-310-storage-center-dell-storage-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Storage Center OS and additional SC applications unless otherwise noted | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SupportAssist Client Commercial | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SupportAssist Client Consumer | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | SupportAssist Enterprise | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/23/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | SupportAssist Enterprise | 2.0.70 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-283. | [DSA-2021-283](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | UCC Edge | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Unisphere Central | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 1/10/2022 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Unisphere Central | | Versions before 4.0 SP 9.2 (4.0.9.1541235) | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-296. | [DSA-2021-296](https://www.dell.com/support/kbdoc/en-us/000194874/dsa-2021-296-dell-emc-unisphere-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Unisphere for PowerMax | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Unisphere for PowerMax vApp | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Unisphere for VMAX | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Unisphere for VNX | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Update Manager Plugin | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Vblock | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending See vce6771 (requires customer login) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Vblock | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending See vce6771 (requires customer login). This advisory is available to customer only and has not been reviewed by CISA. | [vce6771](https://support-dellemc-com.secure.force.com/) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | ViPR Controller | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VMware vRealize Automation 8.x | "8.2 8.3 8.4 8.5 and 8.6" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VMware vRealize Orchestrator 8.x | "8.2 8.3 8.4 8.5 and 8.6" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VMware vRealize Automation 8.x | 8.2 8.3 8.4 8.5 and 8.6 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VMware vRealize Orchestrator 8.x | 8.2 8.3 8.4 8.5 and 8.6 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VNX Control Station | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | VNX1 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | VNX2 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VNXe 1600 | Versions 3.1.16.10220572 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VNXe 3200 | Version 3.1.15.10216415 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VNXe 1600 | | Versions 3.1.16.10220572 and earlier | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-299 | [DSA-2021-299](https://www.dell.com/support/kbdoc/en-us/000194605/dsa-2021-299-dell-emc-vnxe1600-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VNXe 3200 | | Version 3.1.15.10216415 and earlier | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-298 | [DSA-2021-298](https://www.dell.com/support/kbdoc/en-us/000194606/dsa-2021-298-dell-emc-vnxe3200-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | VPLEX VS2/VS6 / VPLEX Witness | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRealize Data Protection Extension Data Management | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRealize Data Protection Extension for vRealize Automation (vRA) 8.x | "version 19.6 version 19.7 version 19.8 and version 19.9" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage | Various | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRO Plugin for Dell EMC PowerMax | Version 1.2.3 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRO Plugin for Dell EMC PowerScale | Version 1.1.0 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | vRealize Data Protection Extension Data Management | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-290. | [DSA-2021-290](https://www.dell.com/support/kbdoc/en-us/000194614/dsa-2021-290-dell-emc-vrealize-data-protection-extension-for-vrealize-automation-vra-8-x-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300. | [DSA-2021-300](https://www.dell.com/support/kbdoc/en-us/000194610/dsa-2021-300) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | vRO Plugin for Dell EMC PowerMax | | Version 1.2.3 or earlier | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | vRO Plugin for Dell EMC PowerScale | | Version 1.1.0 or earlier | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | vRO Plugin for Dell EMC PowerStore | Version 1.1.4 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | vRO Plugin for Dell EMC Unity | Version 1.0.6 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | vRO Plugin for Dell EMC XtremIO | Version 4.1.2 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Vsan Ready Nodes | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VxBlock | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | "Patch pending See vce6771 (requires customer login) " | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VxBlock | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending See vce6771 (requires customer login). This advisory is available to customer only and has not been reviewed by CISA. | [vce6771](https://support-dellemc-com.secure.force.com/) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Warnado MLK (firmware) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Wyse Management Suite | <3.5 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-267 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Wyse Management Suite | | < 3.5 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-267 | [DSA-2021-267](https://www.dell.com/support/kbdoc/en-us/000194459/dsa-2021-267-dell-wyse-management-suite-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Wyse Proprietary OS (ThinOS) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Wyse Windows Embedded Suite | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Deltares | Delft-FEWS | | >2018.02 | Fixed | [link](https://publicwiki.deltares.nl/display/FEWSDOC/Delft-FEWS+and+Log4J+vulnerability) | Mitigations Only | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Denequa | | | | Unknown | [link](https://denequa.de/log4j-information.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Device42 | | | | Unknown | [link](https://blog.device42.com/2021/12/13/log4j-zero-day/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Devolutions | All products | | | Unknown | [link](https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Diebold Nixdorf | | | | Unknown | [link](https://www.dieboldnixdorf.com/en-us/apache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Digi International | AnywhereUSB Manager | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | ARMT | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Aview | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | AVWOB | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | CTEK G6200 family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | CTEK SkyCloud | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | CTEK Z45 family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi 54xx family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi 63xx family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi AnywhereUSB (G2) family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi AnywhereUSB Plus family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect EZ family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect IT family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect Sensor family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect WS family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi ConnectPort family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi ConnectPort LTS family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Embedded Android | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Embedded Yocto | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi EX routers | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi IX routers | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi LR54 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Navigator | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi One family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Passport family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi PortServer TS family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Remote Manager | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi TX routers | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR11 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR21 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR31 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR44R/RR | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR54 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR64 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Xbee mobile app | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Lighthouse | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Realport | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Remote Hub Config Utility | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digicert | | | | Unknown | [link](https://knowledge.digicert.com/alerts/digicert-log4j-response.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Digital AI | | | | Unknown | [link](https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Denequa | All | | | Unknown | [link](https://denequa.de/log4j-information.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Device42 | All | | | Not Affected | [link](https://blog.device42.com/2021/12/13/log4j-zero-day/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Devolutions | All | | | Not Affected | [link](https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Diebold Nixdorf | All | | | Unknown | [link](https://www.dieboldnixdorf.com/en-us/apache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Digi International | AnywhereUSB Manager | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | ARMT | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Aview | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | AVWOB | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | CTEK G6200 family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | CTEK SkyCloud | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | CTEK Z45 family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi 54xx family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi 63xx family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi AnywhereUSB (G2) family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi AnywhereUSB Plus family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect EZ family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect IT family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect Sensor family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect WS family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi ConnectPort family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi ConnectPort LTS family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Embedded Android | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Embedded Yocto | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi EX routers | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi IX routers | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi LR54 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Navigator | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi One family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Passport family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi PortServer TS family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Remote Manager | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi TX routers | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR11 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR21 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR31 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR44R/RR | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR54 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR64 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Xbee mobile app | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Lighthouse | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Realport | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Remote Hub Config Utility | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digicert | All | | | Unknown | [link](https://knowledge.digicert.com/alerts/digicert-log4j-response.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Digital AI | All | | | Unknown | [link](https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Digital Alert Systems | All | | | Unknown | [link](https://www.digitalalertsystems.com/default-2.htm) | Formerly Monroe Electronics, Inc. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | -| DNSFilter | | | | Unknown | [link](https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Docker | | | | Unknown | [link](https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Docusign | | | | Unknown | [link](https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| DrayTek | Vigor Routers, Access Points, Switches, VigorACS Central Management Software, MyVigor Platform | | | Unknown | [link](https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| DSpace | | | | Unknown | [link](https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Dynatrace | ActiveGate | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | Dynatrace Extensions | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | FedRamp SAAS | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | Managed cluster nodes | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | OneAgent | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | SAAS | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | Synthetic Private ActiveGate | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | Synthetic public locations | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| EasyRedmine | | | | Unknown | [link](https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Eaton | Undisclosed | Undisclosed | | Affected | [link](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf) | Doesn't openly disclose what products are affected or not for quote 'security purposes'. Needs email registration. No workaround provided due to registration wall. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| EclecticIQ | | | | Unknown | [link](https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Eclipse Foundation | | | | Unknown | [link](https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228)) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Edwards | | | | Unknown | [link](https://www.edwards.com/devices/support/product-security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | -| EFI | | | | Unknown | [link](https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| EGroupware | | | | Unknown | [link](https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Elastic | APM Java Agent | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | APM Server | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Beats | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Cmd | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elastic Agent | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elastic Cloud | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elastic Cloud Enterprise | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elastic Cloud Enterprise | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elastic Cloud on Kubernetes | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elastic Endgame | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elastic Maps Service | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elasticsearch | 5, 6, 8 | | Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Endpoint Security | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Enterprise Search | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Fleet Server | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Kibana | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Logstash | <6.8.21, <7.16.1 | | Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Machine Learning | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| ElasticSearch | all products | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Elastic | Swiftype | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Ellucian | Admin | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Banner Analytics | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Banner Document Management (includes Banner Document Retention) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Banner Event Publisher | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Banner Integration for eLearning | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Banner Integration for eProcurement | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Banner Self Service | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Banner Workflow | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Colleague | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | On-prem and cloud deployements expect fixed 12/18/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Colleague Analytics | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | CRM Advance | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | CRM Advise | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | CRM Recruit | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Advance Web Connector | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Data Access | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Design Path | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Ellucian Portal | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian ePrint | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Ethos API & API Management Center | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Ethos Extend | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Ethos Integration | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian eTranscripts | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Experience | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Intelligent Platform (ILP) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian International Student and Scholar Management (ISSM) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Message Service (EMS) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Messaging Adapter (EMA) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Mobile | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Payment Gateway | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian PowerCampus | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Solution Manager | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Workflow | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Enterprise Identity Services(BEIS) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 148 Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 2051 Pressure Transmitter Family | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 2088 Pressure Transmitter Family | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 2090F/2090P Pressure Transmitters | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 215 Pressure Sensor Module | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 248 Configuration Application | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 248 Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 3051 & 3051S Pressure transmitter families | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 3144P Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 326P Pressure Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 326T Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 327T Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 4088 Pressure Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 4088 Upgrade Utility | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 4600 Pressure Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 4732 Endeavor | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 4732 Endeavor | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 550 PT Pressure Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 5726 Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 5726 Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 644 Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 648 Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 848T Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Combustion: OCX OXT 6888 CX1100 6888Xi | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT2211 QCL Aerosol Microleak Detection System | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT3000 QCL Automotive OEM Gas Analyzer | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT4000 QCL Marine OEM Gas Analyzer | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT4215 QCL Packaging Leak Detection System | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT4400 QCL General Purpose Continuous Gas Analyzer | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT4404 QCL pMDI Leak Detection Analyzer | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT5100 QCL Field Housing Continuous Gas Analyzer | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT5400 QCL General Purpose Continuous Gas Analyzer | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT5800 QCL Flameproof Housing Continuous Gas Analyzer | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | DHNC1 DHNC2 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | DHNC1 DHNC2 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Emerson Aperio software | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Engineering Assistant 5.x & 6.x | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Fieldwatch and Service consoles | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Fieldwatch and Service consoles | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Flarecheck FlowCheck Flowel & PWAM software | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Flarecheck FlowCheck Flowel & PWAM software | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle Monitor | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle Monitor | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Incus Ultrasonic gas leak detector | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | K-Series Coriolis Transmitters | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | K-Series Coriolis Transmitters | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Liquid Transmitters: 5081 1066 1056 1057 56 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Mark III Gas and Liquid USM | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Mark III Gas and Liquid USM | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | MPFM2600 & MPFM5726 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | MPFM2600 & MPFM5726 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Plantweb Advisor for Metrology and Metering Suite SDK | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Plantweb Advisor for Metrology and Metering Suite SDK | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Prolink Configuration Software | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Prolink Configuration Software | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Prolink Mobile Application & ProcessViz Software | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Prolink Mobile Application & ProcessViz Software | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount 2230 Graphical Field Display | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount 2240S Multi-input Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount 2410 Tank Hub | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount 2460 System Hub | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount 3490 Controller | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount CMS/IOU 61 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount CMS/SCU 51/SCC | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount CMS/WSU 51/SWF 51 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount IO-Link Assistant | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount Level Detectors (21xx) | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount Radar Configuration Tool | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount Radar Level Gauges (Pro 39xx 59xx) | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount RadarMaster and RadarMaster Plus | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount Tank Radar Gauges (TGUxx) | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount TankMaster and TankMaster Mobile | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Spectrex family Flame Detectors and Rosemount 975 flame detector | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Vortex and Magmeter Transmitters | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Vortex and Magmeter Transmitters | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | WCM SWGM | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | WCM SWGM | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| EnterpriseDT | | | | Unknown | [link](https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ESET | | | | Unknown | [link](https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| DirectAdmin | All | | | Not Affected | [link](https://forum.directadmin.com/threads/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare.65173/#post-339723) | Invidivual plugins not developed as part of DirectAdmin core may be vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | +| DNSFilter | All | | | Unknown | [link](https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Docker | Infrastructure | | | Not Affected | [link](https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/) | Docker infrastructure not vulnerable, Docker images could be vulnerable. For more info see source. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Docusign | All | | | Unknown | [link](https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| DotCMS | Hybrid Content Management System | | | Fixed | [link](https://github.com/dotCMS/core/issues/21393) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| DrayTek | All | | | Not Affected | [link](https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dropwizard | All | | | Not Affected | [link](https://twitter.com/dropwizardio/status/1469285337524580359) | Only vulnerable if you manually added Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dräger | All | | | Not Affected | [link](https://static.draeger.com/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| DSpace | All | | | Unknown | [link](https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Dynatrace | ActiveGate | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Cloud Services | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Extensions | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | FedRamp SAAS | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Managed cluster nodes | | | Not Affected | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | OneAgent | | | Not Affected | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | SAAS | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Synthetic Private ActiveGate | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Synthetic public locations | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| EasyRedmine | All | | | Unknown | [link](https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Eaton | All | | | Unknown | [link](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf) | For security purposes direct notifications are being made to impacted customers. Please stay tuned for more updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| EclecticIQ | TIP | < 2.11 | | Affected | [link](https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2) | This advisory is available to customer only and has not been reviewed by CISA. The Threat Intel Platform includes Neo4j 3.5.12 (not vulnerable) and Elasticsearch and Logstash OSS 7.9.1 (vulnerable) see Elasticsearch below for mitigation. See link in their own fix for Logstash (Support account needed, ongoing investigation) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Eclipse Foundation | All | | | Unknown | [link](https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228)) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Edwards | All | | | Not Affected | [link](https://www.edwards.com/devices/support/product-security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | +| EFI | All | | | Unknown | [link](https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| eG Innovations | eG Enterprise | | | Not Affected | [link](https://www.eginnovations.com/brochures/eGEnterprise-and-Log4jShell-Vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | +| EGroupware | All | | | Unknown | [link](https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Elastic | APM Java Agent | | 1.17.0 - 1.28.0 | Fixed | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | Only vulnerable with specific configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | APM Server | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Beats | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Cmd | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Elastic Agent | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Elastic Cloud | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Elastic Cloud Enterprise | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Elastic Cloud on Kubernetes | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Elastic Endgame | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Elastic Maps Service | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Elasticsearch | | 7.16.2 | Fixed | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Endpoint Security | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Enterprise Search | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Fleet Server | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Kibana | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Logstash | | 6.8.22 | Fixed | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Machine Learning | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Swiftype | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ellucian | Admin | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Banner Analytics | | | Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Banner Document Management (includes Banner Document Retention) | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Banner Event Publisher | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Banner Integration for eLearning | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Banner Integration for eProcurement | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Banner Self Service | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Banner Workflow | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Colleague | | | Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | On-prem and cloud deployements expect fixed 12/18/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Colleague Analytics | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | CRM Advance | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | CRM Advise | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | CRM Recruit | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Advance Web Connector | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Data Access | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Design Path | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian ePrint | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Ethos API & API Management Center | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Ethos Extend | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Ethos Integration | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian eTranscripts | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Experience | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Intelligent Platform (ILP) | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian International Student and Scholar Management (ISSM) | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Message Service (EMS) | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Messaging Adapter (EMA) | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Mobile | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Payment Gateway | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Portal | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian PowerCampus | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Solution Manager | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Workflow | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Enterprise Identity Services (BEIS) | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 148 Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 2051 Pressure Transmitter Family | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 2088 Pressure Transmitter Family | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 2090F/2090P Pressure Transmitters | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 215 Pressure Sensor Module | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 248 Configuration Application | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 248 Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 3051 & 3051S Pressure transmitter families | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 3144P Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 326P Pressure Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 326T Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 327T Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 4088 Pressure Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 4088 Upgrade Utility | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 4600 Pressure Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 4732 Endeavor | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 550 PT Pressure Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 5726 Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 644 Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 648 Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 848T Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Combustion - OCX OXT 6888 CX1100 6888Xi | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT2211 QCL Aerosol Microleak Detection System | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT3000 QCL Automotive OEM Gas Analyzer | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT4000 QCL Marine OEM Gas Analyzer | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT4215 QCL Packaging Leak Detection System | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT4400 QCL General Purpose Continuous Gas Analyzer | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT4404 QCL pMDI Leak Detection Analyzer | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT5100 QCL Field Housing Continuous Gas Analyzer | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT5400 QCL General Purpose Continuous Gas Analyzer | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT5800 QCL Flameproof Housing Continuous Gas Analyzer | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | DHNC1 DHNC2 | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | DHNC1 DHNC2 | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Emerson Aperio software | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Engineering Assistant | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Fieldwatch and Service consoles | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Fieldwatch and Service consoles | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Flame Detection - 975UF & 975UR Infrared Flame Detectors 975HR Infrared Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Flarecheck FlowCheck Flowel & PWAM software | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Flarecheck FlowCheck Flowel & PWAM software | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Gas Analysis - X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Gas Chromatographs - M500/2350A MON2000 700XA/1500XA 370XA MON2020 | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Gas Detection - Millennium II Basic Single & Dual Channel 928 Wireless Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle Monitor | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Incus Ultrasonic gas leak detector | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | K-Series Coriolis Transmitters | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Liquid Transmitters - 5081 1066 1056 1057 56' | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Mark III Gas and Liquid USM | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | MPFM2600 & MPFM5726 | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Plantweb Advisor for Metrology and Metering Suite SDK | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Prolink Configuration Software | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Prolink Mobile Application & ProcessViz Software | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount 2230 Graphical Field Display | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount 2240S Multi-input Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount 2410 Tank Hub | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount 2460 System Hub | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount 3490 Controller | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount CMS/IOU 61 | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount CMS/SCU 51/SCC | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount CMS/WSU 51/SWF 51 | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount IO-Link Assistant | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount Level Detectors (21xx) | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount Radar Configuration Tool | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount Radar Level Gauges (Pro 39xx 59xx) | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount RadarMaster | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount RadarMaster Plus | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount Tank Radar Gauges (TGUxx) | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount TankMaster | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount TankMaster Mobile | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Spectrex family Flame Detectors and Rosemount 975 flame detector | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Vortex and Magmeter Transmitters | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | WCM SWGM | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Enfocus | BoardingPass | | | Not Affected | [link](https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Enfocus | Connect | | | Not Affected | [link](https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Enfocus | PDF Review Module | | | Not Affected | [link](https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Enfocus | PitStop | | | Not Affected | [link](https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Enfocus | Switch | | | Not Affected | [link](https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Enovation | All | | | Unknown | [link](https://enovationgroup.com/nl/nieuws/log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| EnterpriseDT | All | | | Unknown | [link](https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ESET | All | | | Not Affected | [link](https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ESET | Secure Authentication | | | Fixed | [link](https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ESRI | ArcGIS Data Store | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | ESRI | ArcGIS Enterprise | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | ESRI | ArcGIS GeoEvent Server | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | ESRI | ArcGIS Server | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | ESRI | ArcGIS Workflow Manager Server | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | ESRI | Portal for ArcGIS | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Estos | | | | Unknown | [link](https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Evolveum Midpoint | | | | Unknown | [link](https://evolveum.com/midpoint-not-vulnerable-to-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ewon | | | | Unknown | [link](https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Exabeam | | | | Unknown | [link](https://community.exabeam.com/s/discussions?t=1639379479381) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Exact | | | | Unknown | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Exivity | | | | Unknown | [link](https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Estos | All | | | Not Affected | [link](https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| EVL Labs | JGAAP | | <8.0.2 | Fixed | [link](https://github.com/evllabs/JGAAP/releases/tag/v8.0.2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Evolveum Midpoint | Midpoint | | | Not Affected | [link](https://evolveum.com/midpoint-not-vulnerable-to-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ewon | All | | | Not Affected | [link](https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Ewon | eCatcher | | 6.7.6 | Fixed | [link](https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Exabeam | All | | | Unknown | [link](https://community.exabeam.com/s/discussions?t=1639379479381) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | AEC | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Audition | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | BoekhoudGemak | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Bouw7 | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Business Suite | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | CommunicatieGemak | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Consolidation powered by LucaNet | | | Fixed | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Digipoort | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | DigitaleFactuur | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Dimoni | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | EDI Gateway | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | FDS | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Financials | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | FiscaalGemak | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Globe Core Product | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Globe E-report/Crystal Reports | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Go2UBL | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Gripp | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | HR & SalarisGemak | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Insights (Qlik) | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Officient | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Online All core products | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Online Elastic Search | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Online Samenwerken (OSW) | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Payroll Plus (Loket) | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | ProAcc | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | ProQuro | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | RapportageGemak | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Reeleezee | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | ScanSys | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | SRXP | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Synergy Core Product | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Synergy Elastic Search | | 6.6.2 | Fixed | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | WerkprogrammaGemak | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Winbooks | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | WMS | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exivity | On-Premise | | | Not Affected | [link](https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extensis | Universal Type Server | | >=7.0.6 | Fixed | [link](https://help.extensis.com/hc/en-us/articles/4412767414299-Universal-Type-Server-7-and-Log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ExtraHop | Reveal(x) | <=8.4.6, <=8.5.3, <=8.6.4 | | Affected | [link](https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148) | Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| eXtreme Hosting | | | | Unknown | [link](https://extremehosting.nl/log4shell-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Extreme Networks | | | | Unknown | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Extron | | | | Unknown | [link](https://www.extron.com/featured/Security-at-Extron/extron-security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Elements Connector | | | Unknown | [link](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Endpoint Proxy | 13-15 | | Affected | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Messaging Security Gateway | | | Unknown | [link](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Policy Manager | 13-15 | | Affected | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Policy Manager Proxy | 13-15 | | Affected | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| eXtreme Hosting | All | | | Not Affected | [link](https://extremehosting.nl/log4shell-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | 200-series | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | BOSS | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | EXOS | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Extreme AirDefense | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Extreme Campus Controller (Extreme Cloud Appliance) | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Extreme Fabric Automation (EFA) | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Extreme Management Center (XMC) | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Extreme Visibility Manager (XVM) | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeAnalytics | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeCloud A3 | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeCloud IQ | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeConnect | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeControl | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeGuest | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeLocation | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeWireless (IdentiFi) | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Fabric Manager | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Guest and IoT Manager (GIM) | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | HiveManager Classic On-Premises | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | HiveManager Classic Online | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Ipanema Ip | Engine | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Ipanema SALSA | | 9.3.8, 9.4.3 | Fixed | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Ipanema SD-WAN Orchestrator | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | IQEngine (HiveOS) | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | IQVA | | 21.1.22.1-IQVA | Fixed | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | NetIron OS | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Network OS | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | NSight | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | SLX-OS | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Traffic Sensor | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | VGVA | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | VOSS | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | WiNG | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extron | All | | | Unknown | [link](https://www.extron.com/featured/Security-at-Extron/extron-security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Elements Connector | | | Fixed | [link](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Endpoint Proxy | | 13 through 15 | Fixed | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Messaging Security Gateway | | | Fixed | [link](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Policy Manager | | 13 through 15 | Fixed | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Policy Manager Proxy | | 13 through 15 | Fixed | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | BIG-IP (all modules) | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | BIG-IQ Centralized Management | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | F5OS | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1103,220 +1454,329 @@ NOTE: This file is automatically generated. To submit updates, please refer to | F5 | NGINX Plus | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | NGINX Service Mesh | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | NGINX Unit | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F5 | Traffix SDC | 5.x (5.2.0 CF1, 5.1.0 CF-30 - 5.1.0 CF-33) | | Affected | [link](https://support.f5.com/csp/article/K19026212) | Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + Kibana), Element Management System | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FAST LTA | | | | Unknown | [link](https://blog.fast-lta.de/en/log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fastly | | | | Unknown | [link](https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FedEx | Ship Manager Software | Unknown | | Affected | [link](https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4) | Note: FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Fiix | Fiix CMMS Core | | v5 | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| FileCap | | | | Unknown | [link](https://mailchi.mp/3f82266e0717/filecap-update-version-511) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FileCatalyst | | | | Unknown | [link](https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FileCloud | | | | Unknown | [link](https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FileWave | | | | Unknown | [link](https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FINVI | | | | Unknown | [link](https://finvi.com/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FireDaemon | | | | Unknown | [link](https://kb.firedaemon.com/support/solutions/articles/4000178630) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fisher & Paykel Healthcare | | | | Unknown | [link](https://www.fphcare.com/us/our-company/contact-us/product-security/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Flexagon | | | | Unknown | [link](https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Flexera | | | | Unknown | [link](https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | DLP Manager | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | Forcepoint Cloud Security Gateway (CSG) | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | Next Generation Firewall (NGFW) | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | One Endpoint | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | Security Manager (Web, Email and DLP) | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forescout | | | | Unknown | [link](https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ForgeRock | Autonomous Identity | | | Unknown | [link](https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa) | all other ForgeRock products Not vulnerable | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAIOps | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAnalyzer | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAnalyzer Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAP | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAuthenticator | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiCASB | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiConvertor | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiDeceptor | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiEDR Agent | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiEDR Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiGate Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiGSLB Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiMail | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiManager | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiManager Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiNAC | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiNAC | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiOS (includes FortiGate & FortiWiFi) | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiPhish Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiPolicy | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiPortal | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiRecorder | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiSIEM | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiSOAR | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiSwicth Cloud in FortiLANCloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiSwitch & FortiSwitchManager | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiToken Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiVoice | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiWeb Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | ShieldX | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FTAPI | | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fujitsu | | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FusionAuth | FusionAuth | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GE Digital | | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Digital Grid | | | | Unknown | [link](https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Asset Performance Management (APM) | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | GE verifying workaround. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Baseline Security Center (BSC) | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Baseline Security Center (BSC) 2.0 | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Control Server | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | The Control Server is Affected via vCenter. There is a fix for vCenter. Please see below. GE verifying the vCenter fix as proposed by the vendor. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Tag Mapping Service | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| F5 | Traffix SDC | 5.x, 5.2.0 CF1, 5.1.0 CF-30 - 5.1.0 CF-33 | | Affected | [link](https://support.f5.com/csp/article/K19026212) | Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + Kibana), Element Management System | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FAST LTA | All | | | Unknown | [link](https://blog.fast-lta.de/en/log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fastly | All | | | Unknown | [link](https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FedEx | Ship Manager Software | 340x | | Affected | [link](https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4) | Note - FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| FedEx | Ship Manager Software | | 3509 | Fixed | [link](https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4) | Note - FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Fiix | Fiix CMMS Core | | v5 | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required. This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| FileCap | Plugins | | | Not Affected | [link](https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileCap | Server | | 5.1.3 | Fixed | [link](https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileCatalyst | All | | | Unknown | [link](https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileCloud | All | | | Unknown | [link](https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileWave | All | | | Unknown | [link](https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileZilla | All | | | Not Affected | [link](https://forum.filezilla-project.org/viewtopic.php?f=6&t=54338) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FINVI | All | | | Unknown | [link](https://finvi.com/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FireDaemon | All | | | Unknown | [link](https://kb.firedaemon.com/support/solutions/articles/4000178630) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fisher & Paykel Healthcare | All | | | Not Affected | [link](https://www.fphcare.com/us/our-company/contact-us/product-security/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Flexagon | All | | | Unknown | [link](https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Flexera | All | | | Unknown | [link](https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Advanced Malware Detection | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Behavioral Analytics | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Bitglass SSE | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | CASB | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Cloud Security Gateway (CSG) | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Content Gateway | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | DDP/DUP/DPS | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Directory Synchronization | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | DLP Manager | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Email Security | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Insider Threat | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Next Generation Firewall (NGFW) | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | NGFW Security Management Center | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | NGFW Virtual SMC Appliances | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | NGFW VPN Client | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | One Endpoint | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Security Manager (Web, Email and DLP) | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Sidewinder | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | User ID service | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Web Security | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forescout | All | | | Unknown | [link](https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ForgeRock | Autonomous Identity | | | Fixed | [link](https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa) | All other ForgeRock products not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | Autonomous Identity | | | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiADC | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAI | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAIOps | | 1.0.2 | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAnalyzer | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAnalyzer Big Cloud | | 6.4.7, 7.0.2 | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAnalyzer Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAP | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAuthenticator | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiCache | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiCarrier | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiCASB | | | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiClient | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiClient Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiClient EMS | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiConnect | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiConverter Portal | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiCWP | | | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiDDoS | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiDDoS-F | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiDeceptor | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiEDR Agent | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiEDR Cloud | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiExtender Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiGate Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiGSLB Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiInsight | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiIsolator | | 2.3.4 | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiLAN Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiMail | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiManager | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiManager Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiMonitor | | | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiNAC | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiOS (includes FortiGate & FortiWiFi) | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPenTest | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPhish Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPolicy | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPortal | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPresence | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiProxy | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiRecorder | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSandbox | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSASE | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSIEM | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSOAR | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSwitch & FortiSwitchManager | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSwitch Cloud in FortiLANCloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiTester | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiToken Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiVoice | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiWeb Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiWLC | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiWLM | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | ShieldX | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FTAPI | All | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fuji Electric | MONITOUCH TS1000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH TS1000S series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH TS2000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH V8 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH V9 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH X1 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | TELLUS and V-Server | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | V-SFT | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fujitsu | AIS Connect | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | Bean Connect | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | BS2000 Hardware | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | BS2000 Software | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | BX400 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | BX900 MMB | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | eLux RP on FUTRO | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS AB/HB | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS CS800 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS CS8000 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS DX/AF | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS JX | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS LT140/260 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS LT20/40/60 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS SF | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS SF MA | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | FlexFrame | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | INTELLIEGDLE A/G | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | iRMC on PRIMERGY | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ISM for PRIMERGY, PQ | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | NECoP | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | openFT | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | openSEAS | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | openUTM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | openUTM (WebAdm.) | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | PRIMEFLEX for MS S2D | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | PTC Axeda (AIS Con.) | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SBAX2 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SBAX3 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SecDocs | | | Fixed | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView IM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView OM | | | Fixed | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView OM/UM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView RAID | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView Rem. Con. | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView VIOM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SOA Pro. Mgmt. Service | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SOA SysRollout Service | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SVS Services for ISM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SVS UME + LinuxLife | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SVS VMware Op. Mgr. | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SVS VMware vCenter | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | Web Transactions | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FusionAuth | All | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GE Digital | All | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Digital Grid | All | | | Unknown | [link](https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Asset Performance Management (APM) | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently deploying the fixes in the production environment. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Baseline Security Center (BSC) | | | Affected | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Baseline Security Center (BSC) 2.0 | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Control Server | | | Affected | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | MyFleet | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | OPM Performance Intelligence | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | OPM Performance Planning | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Tag Mapping Service | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | vCenter | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the update provided by Vmware. The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | GE Healthcare | | | | Unknown | [link](https://securityupdate.gehealthcare.com) | This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Gearset | | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Genesys | | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GeoServer | | | | Unknown | [link](http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gerrit code review | | | | Unknown | [link](https://www.gerritcodereview.com/2021-12-13-log4j-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GFI | | | | Unknown | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ghidra | | | | Unknown | [link](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gigamon | Fabric Manager | <5.13.01.02 | | Affected | [link](https://community.gigamon.com/gigamoncp/s/my-gigamon) | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Gearset | All | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Genesys | All | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GeoServer | All | | | Unknown | [link](http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GeoSolutions | GeoNetwork | | A, l, l | Fixed | [link](https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| GeoSolutions | GeoServer | | | Not Affected | [link](https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Gerrit Code Review | All | | | Unknown | [link](https://www.gerritcodereview.com/2021-12-13-log4j-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GFI Software | All | | | Unknown | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GFI Software | Kerio Connect | | | Fixed | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ghidra | All | | | Unknown | [link](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ghisler | Total Commander | | | Not Affected | [link](https://www.ghisler.com/whatsnew.htm) | Third Party plugins might contain log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gigamon | Fabric Manager | | <5.13.01.02 | Fixed | [link](https://community.gigamon.com/gigamoncp/s/my-gigamon) | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | GitHub | GitHub | | GitHub.com and GitHub Enterprise Cloud | Fixed | [link](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| GitLab | | | | Unknown | [link](https://forum.gitlab.com/t/cve-2021-4428/62763) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Globus | | | | Unknown | [link](https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GoAnywhere | Gateway | < 2.8.4 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoAnywhere | MFT | < 6.8.6 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoAnywhere | MFT Agents | < 1.6.5 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoCD | | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Google Cloud | Access Transparency | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Actifio | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Data Labeling | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Neural Architecture Search (NAS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Training and Prediction | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Config Management | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Connect | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Hub | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Identity Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos on VMWare | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Premium Software | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Service Mesh | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Apigee | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Google Cloud | App Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AppSheet | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Artifact Registry | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Assured Workloads | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Natural Language | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Tables | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Translation | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Video | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Vision | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery Data Transfer Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery Omni | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We continue to work with AWS and Azure to assess the situation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Binary Authorization | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Certificate Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Chronicle | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Asset Inventory | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Bigtable | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud Build | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud CDN | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Composer | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Google Cloud | Cloud Console App | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Data Loss Prevention | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Debugger | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Deployment Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud DNS | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Endpoints | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud External Key Manager (EKM) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Functions | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Hardware Security Module (HSM) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Interconnect | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Intrusion Detection System (IDS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Key Management Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Load Balancing | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Logging | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Natural Language API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Network Address Translation (NAT) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Profiler | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Router | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Run | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Run for Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Scheduler | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud SDK | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Shell | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Source Repositories | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Spanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud SQL | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud Storage | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Tasks | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Trace | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Traffic Director | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Translation | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Vision | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Vision OCR On-Prem | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud VPN | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | CompilerWorks | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Compute Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Contact Center AI (CCAI) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Contact Center AI Insights | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Container Registry | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Data Catalog | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Data Fusion | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Database Migration Service (DMS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Dataflow | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Google Cloud | Dataproc | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Dataproc Metastore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Datastore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Datastream | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Dialogflow Essentials (ES) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Document AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Event Threat Detection | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Eventarc | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Filestore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Firebase | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Firestore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Game Servers | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Google Cloud Armor | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Google Cloud Armor Managed Protection Plus | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Google Cloud VMware Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-11 | -| Google Cloud | Google Kubernetes Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Healthcare Data Engine (HDE) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Human-in-the-Loop AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | IoT Core | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Key Access Justifications (KAJ) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Looker | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| Google Cloud | Media Translation API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Memorystore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Migrate for Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Migrate for Compute Engine (M4CE) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Network Connectivity Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Network Intelligence Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Network Service Tiers | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Persistent Disk | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Pub/Sub | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Google Cloud | Pub/Sub Lite | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Google Cloud | reCAPTCHA Enterprise | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Recommendations AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Retail Search | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Risk Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Secret Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Security Command Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Service Directory | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Service Infrastructure | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speaker ID | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speech-to-Text | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speech-to-Text On-Prem | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Storage Transfer Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Talent Solution | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Text-to-Speech | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Transcoder API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Transfer Appliance | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Video Intelligence API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Virtual Private Cloud | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Web Security Scanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Workflows | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| GitHub | GitHub Enterprise Server | | 3.0.22, 3.1.14, 3.2.6, 3.3.1 | Fixed | [link](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| GitLab | All | | | Not Affected | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | DAST Analyzer | | | Not Affected | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Dependency Scanning | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Gemnasium-Maven | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | PMD OSS | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | SAST | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Spotbugs | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Globus | All | | | Unknown | [link](https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GoAnywhere | Agents | | | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Gateway | | Version 2.7.0 or later | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | MFT | | Version 5.3.0 or later | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | MFT Agents | 1.4.2 or later | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | Versions less than GoAnywhere Agent version 1.4.2 are not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Open PGP Studio | | | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Suveyor/400 | | | Not Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoCD | All | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | -| Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Grafana | | | | Unknown | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Grandstream | | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gravitee.io | | | | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Google Cloud | Access Transparency | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Actifio | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Data Labeling | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Neural Architecture Search (NAS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Training and Prediction | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Config Management | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Connect | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Hub | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Identity Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos on VMWare | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Premium Software | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Service Mesh | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Apigee | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Google Cloud | App Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AppSheet | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Artifact Registry | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Assured Workloads | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Natural Language | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Tables | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Translation | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Video | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Vision | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery Data Transfer Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery Omni | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We continue to work with AWS and Azure to assess the situation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Binary Authorization | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Certificate Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Chronicle | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Asset Inventory | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Bigtable | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud Build | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud CDN | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Composer | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Google Cloud | Cloud Console App | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Data Loss Prevention | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Debugger | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Deployment Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud DNS | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Endpoints | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud External Key Manager (EKM) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Functions | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Hardware Security Module (HSM) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Interconnect | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Intrusion Detection System (IDS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Key Management Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Load Balancing | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Logging | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Natural Language API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Network Address Translation (NAT) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Profiler | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Router | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Run | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Run for Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Scheduler | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud SDK | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Shell | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Source Repositories | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Spanner | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud SQL | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud Storage | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Tasks | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Trace | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Traffic Director | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Translation | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Vision | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Vision OCR On-Prem | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud VPN | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | CompilerWorks | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Compute Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Contact Center AI (CCAI) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Contact Center AI Insights | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Container Registry | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Data Catalog | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Data Fusion | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Database Migration Service (DMS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Dataflow | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Google Cloud | Dataproc | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Dataproc Metastore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Datastore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Datastream | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Dialogflow Essentials (ES) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Document AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Event Threat Detection | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Eventarc | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Filestore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Firebase | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Firestore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Game Servers | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Google Cloud Armor | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Google Cloud Armor Managed Protection Plus | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Google Cloud VMware Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-11 | +| Google Cloud | Google Kubernetes Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Healthcare Data Engine (HDE) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Human-in-the-Loop AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | IoT Core | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Key Access Justifications (KAJ) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Looker | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| Google Cloud | Media Translation API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Memorystore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Migrate for Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Migrate for Compute Engine (M4CE) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Network Connectivity Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Network Intelligence Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Network Service Tiers | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Persistent Disk | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Pub/Sub | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Google Cloud | Pub/Sub Lite | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Google Cloud | reCAPTCHA Enterprise | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Recommendations AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Retail Search | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Risk Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Secret Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Security Command Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Service Directory | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Service Infrastructure | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speaker ID | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speech-to-Text | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speech-to-Text On-Prem | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Storage Transfer Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Talent Solution | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Text-to-Speech | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Transcoder API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Transfer Appliance | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Video Intelligence API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Virtual Private Cloud | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Web Security Scanner | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Workflows | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Gradle | All | | | Not Affected | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise | | < 2021.3.6 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise Build Cache Node | | < 10.1 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise Test Distribution Agent | | < 1.6.2 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Grafana | All | | | Not Affected | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Grandstream | All | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Alert Engine | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1324,11 +1784,13 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Cockpit | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gravwell | | | | Unknown | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Graylog | Graylog Server | All versions >= 1.2.0 and <= 4.2.2 | | Affected | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GreenShot | | | | Unknown | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gravwell | All | | | Not Affected | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | Gravwell products do not use Java. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Graylog | All | | 3.3.15, 4.0.14, 4.1.9, 4.2.3 | Fixed | [link](https://www.graylog.org/post/graylog-update-for-log4j) | The vulnerable Log4j library is used to record GrayLogs own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Graylog | Graylog Server | | All versions >= 1.2.0 and <= 4.2.2 | Fixed | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GreenShot | All | | | Not Affected | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | GSA | Cloud.gov | | | Unknown | [link](https://cloud.gov/2021/12/14/log4j-buildpack-updates/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Guidewire | | | | Unknown | [link](https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GuardedBox | All | | 3.1.2 | Fixed | [link](https://twitter.com/GuardedBox/status/1469739834117799939) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Guidewire | All | | | Unknown | [link](https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HAProxy | | | | Unknown | [link](https://www.haproxy.com/blog/december-2021-log4shell-mitigation/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HarmanPro AMX | | | | Unknown | [link](https://help.harmanpro.com/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HashiCorp | Boundary | | | Unknown | [link](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1351,7 +1813,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | HCL Software | BigFix Mobile | | | Not Affected | [link](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | HCL Software | BigFix Patch | | | Not Affected | [link](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | HelpSystems Clearswift | | | | Unknown | [link](https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| HENIX | Squash TM | | 1.21.7 - 1.22.9, 2.0.3 - 2.1.5, 2.2.0 - 3.0.2 | Fixed | [link](https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| HENIX | Squash TM | | 1.21.7-1.22.9, 2.0.3-2.1.5, 2.2.0-3.0.2 | Fixed | [link](https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | | Hexagon | | | | Unknown | [link](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Hikvision | | | | Unknown | [link](https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Hitachi Energy | 3rd party - Elastic Search, Kibana | | Elasticsearch 5.0.0+ | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | Set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node of the cluster. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | @@ -1366,8 +1828,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Hitachi Energy | Lumada APM SaaS offering | | | Unknown | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | No action is required by customers. The SaaS offering has been patched per the recommendations. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Hitachi Energy | Lumada EAM / FSM | | v1.7.x, v1.8.x, v1.9.x | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See Section Mitigation Strategy in vendor advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Hitachi Energy | MMS Internal facing subcomponent. | | | Unknown | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | -| Hitachi Energy | Network Manager ADMS Network Model Server | | 9.1.0.32 - 9.1.0.44 | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See vendor advisory for instructions on mitigation steps. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | -| Hitachi Energy | Network Manager Outage Management Interface (CMI) | | 9.0 - 9.10.44, 9.1.1, 10.3.4 | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See vendor advisory for instructions on mitigation steps. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | +| Hitachi Energy | Network Manager ADMS Network Model Server | | 9.1.0.32-9.1.0.44 | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See vendor advisory for instructions on mitigation steps. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | +| Hitachi Energy | Network Manager Outage Management Interface (CMI) | | 9.0-9.10.44, 9.1.1, 10.3.4 | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See vendor advisory for instructions on mitigation steps. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Hitachi Energy | nMarket Global I-SEM | | 3.7.15, 3.7.16 | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Hitachi Energy | RelCare | | 2.0.0 | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | No action is required by customers. The RelCare SaaS hosted solution and the on-premises have been patched per the recommendations. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Hitachi Energy | UNEM | | R15A, R14B, R14A, R11B SP1 | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | A patch is available for releases R15A, R14B, R14A and R11B SP1. For details on how to apply such patch, please refer to the technical bulletin “UNEM - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer Connect Portal. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | @@ -1396,6 +1858,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to | HOLOGIC | Unifi Workspace | | | Unknown | [link](https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity) | While the Hologic software itself does not utilize Java/Log4J, the installed APC PowerChute UPS with Business Edition v9.5 software installed may. APC is still assessing its PowerChute software to determine if it is vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | HOLOGIC | Windows Selenia Mammography System | | | Unknown | [link](https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Honeywell | | | | Unknown | [link](https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| HP | Teradici Cloud Access Controller | | < v113 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici EMSDK | | < 1.0.6 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici Management Console | | < 21.10.3 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici PCoIP Connection Manager | | < 21.03.6, < 20.07.4 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici PCoIP License Server | | | Unknown | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | HPE | 3PAR StoreServ Arrays | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | AirWave Management Platform | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Alletra 6000 | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | @@ -1507,7 +1974,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | HPE | OfficeConnect | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Primera Storage | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | RepoServer part of OPA (on Premises aggregator) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| HPE | Resource Aggregator for Open Distributed Infrastructure Management | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| HPE | Resource Aggregator for Open Distributed Infrastructure Management | | | Not Affected | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | RESTful Interface Tool (iLOREST) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | SAT (System Admin Toolkit) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Scripting Tools for Windows PowerShell (HPEiLOCmdlets) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | @@ -1525,11 +1992,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | HPE | Superdome Flex 280 | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Superdome Flex Server | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | UAN (User Access Node) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| HP | Teradici Cloud Access Controller | | < v113 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici EMSDK | | < 1.0.6 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici Management Console | | < 21.10.3 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici PCoIP Connection Manager | | < 21.03.6, < 20.07.4 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici PCoIP License Server | | | Unknown | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HPE/Micro Focus | Data Protector | | 9.09 | Fixed | [link](https://portal.microfocus.com/s/article/KM000003243) | | [https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Huawei | | | | Unknown | [link](https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Hubspot | | | | Unknown | [link](https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | I-Net software | | | | Unknown | [link](https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1746,7 +2209,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Illumio | VEN | | | Unknown | [link](https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | IManage | | | | Unknown | [link](https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Imperva | | | | Unknown | [link](https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Inductive Automation | | | | Unknown | [link](https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Inductive Automation | Ignition | | | Not Affected | [link](https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day) | Older versions of Ignition (7.8 and older) did use the Log4j library, but they used an older version (1.2) that was not affected by this vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 | | IndustrialDefender | | | | Unknown | [link](https://www.industrialdefender.com/cve-2021-44228-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | infinidat | | | | Unknown | [link](https://support.infinidat.com/hc/en-us/articles/4413483145489-INFINIDAT-Support-Announcement-2021-010-Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | InfluxData | | | | Unknown | [link](https://www.influxdata.com/blog/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1772,22 +2235,101 @@ NOTE: This file is automatically generated. To submit updates, please refer to | iRedMail | | | | Unknown | [link](https://forum.iredmail.org/topic18605-log4j-cve202144228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Ironnet | | | | Unknown | [link](https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ISLONLINE | | | | Unknown | [link](https://blog.islonline.com/2021/12/13/isl-online-is-not-affected-by-log4shell-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ivanti | Application Control for Linux | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Application Control for Windows | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Automation | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Ivanti | Avalanche | 6.2.2, 6.3.0 to 6.3.3 | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Avalanche Remote Control | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | CETerm (Naurtech) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Cherwell Asset Management (CAM) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Cherwell Service Management (CSM) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Connect Pro | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | ConnectPro (Termproxy) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Credential mgr (PivD Manager) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Discovery Classic | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | DSM | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Environment Manager | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | GoldMine | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | HEAT Classic | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | IIRIS (Neurons for IIOT) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Incapptic Connect | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Insight | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | ITSM 6/7 | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Asset Lifecycle Management | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Device Application Control | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Endpoint Manager | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Endpoint Security | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Environment Manager | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti EPM - Cloud Service Appliance | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Ivanti | Ivanti File Director | 2019.1.*, 2020.1.*, 2020.3.*, 2021.1.*, 4.4.* | 2021.3 HF2, 2021.1 HF1, 2020.3 HF2 | Fixed | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Identity Director | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti License Optimizer (ILO) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Management Center | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Neurons Platform | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Performance Manager | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Security Controls (Patch ISec) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory Page | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Service Desk | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | Not Affected. Java is no longer required since version 2018.3U3 Customers on older versions can uninstall JRE on their ISD Servers for mitigation. This will disable indexing of Attachments and Documents for full-text search. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Service Manager | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Service Manager for Neurons (Cloud) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Voice | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Workspace Control | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MI Appconnect | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MI Email+ | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MI Go Client | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MI MobileAtWork | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MI Security Productivity Apps | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Mi Tunnel App | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MobileIron Access ZSO | All | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | Mitigated. No Impact | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MobileIron BYOD Portal | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MobileIron Cloud | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MobileIron Cloud Connector | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Ivanti | MobileIron Core | All | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | See Advisory details for mitigation instructions for MobileIron Core. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Ivanti | MobileIron Core Connector | All | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | See Advisory details for mitigation instructions for MobileIron Core Connector. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Ivanti | MobileIron Sentry (Core/Cloud) | 9.13, 9.14 | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | See Advisory details for mitigation instructions for MobileIron Sentry. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | -| Jamasoftware | | | | Unknown | [link](https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jamf | Jamf Pro | 10.31.0 – 10.34.0 | | Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ivanti | Patch MEM (Microsoft Endpoint Manager) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Patch OEM APIs | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Performance Manager | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse Connect Secure | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse Desktop Client | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse Mobile Client | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse One | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse Policy Secure | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse Services Director | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse Virtual Traffic Manager | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse Web Application Firewall | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse ZTA | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Risksense Threat and Vulnerability Management | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | SpeakEasy (add-on to Velocity) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | SpeakEasy (WinCE) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Terminal Emulation and Industrial Browser | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Velocity | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | VelocityCE | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Virtual Desktop Extender | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Wavelink License Server | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Xtraction | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Jamasoftware | All | | | Unknown | [link](https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Cloud | | | Fixed | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Connect | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Data Policy | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Health Care Listener | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Infrastructure Manager | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Now | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Private Access | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Pro (On-Prem) | | 10.34.1 | Fixed | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Protect | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf School | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Threat Defense | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Janitza | GridVis | | | Not Affected | [link](https://www.janitza.com/us/gridvis-download.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | -| Jaspersoft | | | | Unknown | [link](https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jedox | | | | Unknown | [link](https://www.jedox.com/en/trust/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jenkins | CI/CD Core | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jenkins | Plugins | | | Unknown | [link](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | [Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Jaspersoft | All | | | Unknown | [link](https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Java Melody | All | | 1.90.0 | Fixed | [link](https://github.com/javamelody/javamelody/wiki/ReleaseNotes) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jedox | All | | | Unknown | [link](https://www.jedox.com/en/trust/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jenkins | CI | | | Not Affected | [link](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jenkins | CI/CD Core | | | Not Affected | [link](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jenkins | Plugins | | | Unknown | [link](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | | [Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | JetBrains | All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, dotCover, dotPeek) | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jetbrains | Code With Me | | Unknown | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jetbrains | Code With Me | | | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | Datalore | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| JetBrains | Floating license server | | 30211 | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| JetBrains | Floating License Server | | 30241 | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | Gateway | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | Hub | | 2021.1.14080 | Fixed | [link](https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, Rider, RubyMine, WebStorm) | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1798,20 +2340,26 @@ NOTE: This file is automatically generated. To submit updates, please refer to | JetBrains | TeamCity | | | Not Affected | [link](https://youtrack.jetbrains.com/issue/TW-74298) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | ToolBox | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | UpSource | | 2020.1.1952 | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| JetBrains | YouTrack InCloud | | Unknown | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| JetBrains | YouTrack InCloud | | | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | YouTrack Standalone | | 2021.4.35970 | Fixed | [link](https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| JFROG | | | | Unknown | [link](https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jitsi | | | | Unknown | [link](https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jitterbit | | | | Unknown | [link](https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| JFrog | All | | | Not Affected | [link](https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| JGraph | DrawIO | | | Not Affected | [link](https://github.com/jgraph/drawio/issues/2490) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jitsi | jitsi-videobridge | | v2.1-595-g3637fda42 | Fixed | [link](https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jitterbit | All | | | Unknown | [link](https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Johnson Controls | Athena | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | BCPro | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | CEM AC2000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | CEM Hardware Products | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | CK721-A (P2000) | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | CloudVue Gateway | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | CloudVue Web | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | C•CURE‐9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | C•CURE‐9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | C•CURE‐9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | C•CURE‐9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Connect24 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Connected Equipment Gateway (CEG) | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | C•CURE Client | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | C•CURE Server | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | C•CURE Web | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | C•CURE-9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | DataSource | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | DLS | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Entrapass | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | exacqVision Client | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | @@ -1821,32 +2369,110 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Johnson Controls | Illustra Cameras | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Illustra Insight | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | iSTAR | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Kantech Entrapass | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Metasys Products and Tools | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Active Responder | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Bridge | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Chiller Utility Plant Optimizer | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Cloud | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Connected Chiller | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Enterprise Manager | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Location Manager | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Risk Insight | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Twin | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Workplace | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | P2000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | PowerSeries NEO | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | PowerSeries Pro | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Qolsys IQ Panels | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | RFID Overhead360 Backend | | All | Fixed | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | S321-IP (P2000) | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Analytics (STaN) - Traffic | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Market Intelligence | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Perimeter Apps | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Shopper Journey | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Video Analytics | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Sur‐Gard Receivers | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | TrueVue Cloud | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Tyco AI | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | victor | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | victor/ C•CURE‐9000 Unified | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | victor/ C•CURE‐9000 Unified | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | VideoEdge | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Journyx | | | | Unknown | [link](https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Johnson Controls | Xaap | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Journyx | All | | | Unknown | [link](https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | jPOS | (ISO-8583) bridge | | | Not Affected | [link](https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jump Desktop | | | | Unknown | [link](https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Juniper Networks | | | | Unknown | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Justice Systems | | | | Unknown | [link](https://www.justicesystems.com/services/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| K15t | | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| K6 | | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Karakun | | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kaseya | | | | Unknown | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Keeper Security | | | | Unknown | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| KEMP | | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| KEMP 2 | | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kofax | | | | Unknown | [link](https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228)) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Konica Minolta | | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kronos UKG | | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kyberna | | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jump Desktop | All | | | Unknown | [link](https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Advanced Threat Prevention (JATP) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | AppFormix | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Apstra System | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Apstra System | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Connectivity Services Director | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Contrail Analytics | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Contrail Cloud | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Contrail Networking | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Contrail Service Orchestration | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Cross Provisioning Platform | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | CTPOS and CTPView | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | ICEAAA Manager | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | JATP Cloud | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Juniper Identity Management Services (JIMS) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Juniper Mist Edge | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Juniper Sky Enterprise | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Junos OS | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Junos OS Evolved | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Junos Space Network Management Platform | | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | MIST - Juniper Networks Marvis Virtual Network Assistant (VNA) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | MIST - Juniper Networks Mist AI | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | MIST - Juniper Networks Wi-Fi Assurance | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | MIST - Juniper Networks Wired Assurance | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Mist Access Points | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Network Director | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Northstar Controller | | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Northstar Planner | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Paragon Insights | >= 21 version 21.1 ; >= 22 version 22.2 | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Paragon Pathfinder | >= 21 version 21.1 ; >= 22 version 22.2 | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Paragon Planner | >= 21 version 21.1 ; >= 22 version 22.2 | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Policy Enforcer | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Products using Wind River Linux in Junos OS and Junos OS Evolved | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | ScreenOS | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | SecIntel | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Secure Analytics | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Security Director | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Security Director Insights | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Session Smart Router (Formerly 128T) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Space SDK | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Standalone Log Collector 20.1 (as also used by Space Security Director) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | User Engagement Virtual BLE | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Justice Systems | All | | | Unknown | [link](https://www.justicesystems.com/services/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| K15t | All | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| K6 | All | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kaltura | Blackboard Learn SaaS in the classic Learn experience | | v3900.28.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Kaltura | Blackboard Learn Self- and Managed-Hosting | | v3900.26.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Karakun | All | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kaseya | AuthAnvil | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | BMS | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | ID Agent DarkWeb ID and BullPhish ID | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | IT Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | MyGlue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Network Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Passly | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | RocketCyber | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Spannign Salesforce Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Spanning O365 Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Unitrends | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Vorex | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | VSA SaaS and VSA On-Premises | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| KeePass | All | | | Not Affected | [link](https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Keeper | All | | | Fixed | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kemp | All | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | [Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Keycloak | All | | | Not Affected | [link](https://github.com/keycloak/keycloak/discussions/9078) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Capture | | | Not Affected | [link](https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Communication Manager | | 5.3 - 5.5 | Fixed | [link](https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Robot File System (RFS) | | >=10.7 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Robotic Process Automation (RPA) | | 11.1, 11.2 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Konica Minolta | All | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kronos UKG | All | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kyberna | All | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | L-Soft | | | | Unknown | [link](http://www.lsoft.com/news/log4jinfo.asp) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | L3Harris Geospatial | | | | Unknown | [link](https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Lancom Systems | | | | Unknown | [link](https://www.lancom-systems.com/service-support/instant-help/general-security-information/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1943,6 +2569,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | LOGalyze | SIEM & log analyzer tool | v4.x | | Affected | [link](https://sourceforge.net/software/product/LOGalyze/) | local-log4j-vuln-scanner result: indicator for vulnerable component found in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j 1.2.17 | [Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | LogiAnalytics | | | | Unknown | [link](https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogicMonitor | LogicMonitor Platform | | | Unknown | [link](https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Logit.io | Logit.io Platform | | | Not Affected | [link](https://logit.io/blog/post/logit-io-log4shell-security-update) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-07 | | LogMeIn | | | | Unknown | [link](https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogRhythm | | | | Unknown | [link](https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Looker | Looker | 21.0, 21.6, 21.12, 21.16, 21.18, 21.20 | | Affected | [link](https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1951,21 +2578,21 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Lyrasis | Fedora Repository | | | Not Affected | [link](https://groups.google.com/g/fedora-tech/c/dQMQ5jaX8Xo) | Fedora Repository is unaffiliated with Fedora Linux. Uses logback and explicitly excludes log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | MailStore | | | | Unknown | [link](https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Maltego | | | | Unknown | [link](https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ManageEngine Zoho | | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ManageEngine Zoho | ADAudit Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | ADManager Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | Analytics Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | Cloud Security Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | DataSecurity Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | EventLog Analyzer | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | Exchange Reporter Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | Log360 | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | Log360 UEBA | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | M365 Manager Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | M365 Security Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | RecoveryManager Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | ManageEngine | AD SelfService Plus | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-27 | | ManageEngine | Servicedesk Plus | 11305 and below | | Affected | [link](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| ManageEngine Zoho | | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ManageEngine Zoho | ADAudit Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | ADManager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | Analytics Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | Cloud Security Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | DataSecurity Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | EventLog Analyzer | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | Exchange Reporter Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | Log360 | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | Log360 UEBA | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | M365 Manager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | M365 Security Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | RecoveryManager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | MariaDB | | | | Unknown | [link](https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MathWorks | All MathWorks general release desktop or server products | | | Not Affected | [link](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | MathWorks | MATLAB | | | Not Affected | [link](https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | @@ -2006,7 +2633,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | MEINBERG | LANTIME and microSync | | | Unknown | [link](https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Meltano | Meltano | | | Unknown | [link](https://github.com/meltano/meltano) | Project is written in Python | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Memurai | | | | Unknown | [link](https://www.memurai.com/blog/apache-log4j2-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| MicroFocus | | | | Unknown | [link](https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Micro Focus | Data Protector | | 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.90, 10.91, 11.00 | Fixed | [link](https://portal.microfocus.com/s/article/KM000003052) | | [https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Microsoft | Azure API Gateway | | | Unknown | [link](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Microsoft | Azure Application Gateway | | | Unknown | [link](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Microsoft | Azure Data lake store java | < 2.3.10 | | Affected | [link](https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2026,10 +2653,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Mitel | | | | Unknown | [link](https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MMM Group | Control software of all MMM series | | | Unknown | [link](https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | MMM Group | RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server | | | Unknown | [link](https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | -| MobileIron | Core | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| MobileIron | Core Connector | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| MobileIron | Reporting Database (RDB) | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| MobileIron | Sentry | 9.13, 9.14 | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MongoDB | MongoDB Atlas Search | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MongoDB | MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2040,6 +2663,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Moodle | | | | Unknown | [link](https://moodle.org/mod/forum/discuss.php?d=429966) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MoogSoft | | | | Unknown | [link](https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Motorola Avigilon | | | | Unknown | [link](https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Moxa | | | | Not Affected | [link](https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability) | Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa's products are affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 | | Mulesoft | | | | Unknown | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Mulesoft | Anypoint Studio | 7.x | | Affected | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Mulesoft | Cloudhub | | | Unknown | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -2151,44 +2775,444 @@ NOTE: This file is automatically generated. To submit updates, please refer to | OxygenXML | Publishing Engine | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | Web Author | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | WebHelp | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| PagerDuty | PagerDuty SaaS | | | Unknown | [link](https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability) | We currently see no evidence of compromises on our platform. Our teams continue to monitor for new developments and for impacts on sub-processors and dependent systems. PagerDuty SaaS customers do not need to take any additional action for their PagerDuty SaaS environment | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QF-Test | | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Qlik | | | | Unknown | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QMATIC | Appointment Booking | 2.4+ | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v. 2.8.2 which contains log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QMATIC | Appointment Booking | Cloud/Managed Service | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-15 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QMATIC | Insights | Cloud | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Paessler | PRTG | | | Not Affected | [link](https://docs.rundeck.com/docs/history/CVEs/#log4shell-cves) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| PagerDuty | PagerDuty Rundeck | | 3.3+ | Fixed | [link](https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability) | We currently see no evidence of compromises on our platform. Our teams continue to monitor for new developments and for impacts on sub-processors and dependent systems. PagerDuty SaaS customers do not need to take any additional action for their PagerDuty SaaS environment. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| PagerDuty | PagerDuty SaaS | | | Fixed | [link](https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability) | We currently see no evidence of compromises on our platform. Our teams continue to monitor for new developments and for impacts on sub-processors and dependent systems. PagerDuty SaaS customers do not need to take any additional action for their PagerDuty SaaS environment | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Palantir | Palantir AI Inference Platform (AIP) | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | Fully remediated as of 1.97.0. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Palantir | Palantir Apollo | | | Not Affected | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact, and updates have been deployed for full remediation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Palantir | Palantir Foundry | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact to Palantir-hosted or Apollo-connected instances, and updates have been deployed for full remediation. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Palantir | Palantir Gotham | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact to Palantir-hosted or Apollo-connected instances, and updates have been deployed for full remediation. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Palo-Alto Networks | Bridgecrew | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | CloudGenix | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex Data Lake | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex XDR Agent | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex Xpanse | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex XSOAR | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Exact Data Matching CLI | | 1.2 | Fixed | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Expedition | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | GlobalProtect App | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | IoT Security | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Okyo Grade | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Palo-Alto Networks-DB Private Cloud | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Palo-Alto Networks-OS for Firewall and Wildfire | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Palo-Alto Networks-OS for Panorama | | 9.0.15, 9.1.12-h3, 10.0.8-h8 | Fixed | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available. PAN-OS for Panorama versions 8.1, 10.1 are not affected. | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Palo-Alto Networks | Prisma Access | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Prisma Cloud | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Prisma Cloud Compute | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Prisma SD-WAN (CloudGenix) | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | SaaS Security | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | User-ID Agent | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | WildFire Appliance | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | WildFire Cloud | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Panasonic | KX-HDV100 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-HDV130 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-HDV230 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-HDV330 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-HDV340 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-HDV430 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-HDV800 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-TGP500 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-TGP550 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-TGP600 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-TGP700 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-UDS124 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-UT113 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-UT123 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-UT133 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-UT136 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-UT248 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-UT670 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panopto | All | | | Unknown | [link](https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PaperCut | PaperCut Hive | | | Not Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut MF | 21.0 and later | | Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut MobilityPrint | | | Not Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut MultiVerse | | | Not Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut NG | 21.0 and later | | Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut Online Services | | | Not Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut Pocket | | | Not Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut Print Logger | | | Not Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut Views | | | Not Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Parallels | Remote Application Server | | | Not Affected | [link](https://kb.parallels.com/en/128696) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Parse.ly | All | | | Unknown | [link](https://blog.parse.ly/parse-ly-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PBXMonitor | RMM for 3CX PBX | | | Not Affected | [link](https://www.pbxmonitor.net/changelog.php) | Mirror Servers were also checked to ensure Log4J was not installed or being used by any of our systems. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| PDQ | Deploy | | | Unknown | [link](https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/?utm_content=190941012&utm_medium=social&utm_source=twitter&hss_channel=tw-90432152) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PDQ | Inventory | | | Unknown | [link](https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/?utm_content=190941012&utm_medium=social&utm_source=twitter&hss_channel=tw-90432152) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Pega | Platform | | 7.3.x - 8.6.x | Fixed | [link](https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability) | Hotfixes made available for registered customers by Pega. When using Stream nodes, the embedded Kafka instances require a separate hotfix to be installed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pentaho | All | | | Unknown | [link](https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pepperl+Fuchs | All | | | Unknown | [link](https://www.pepperl-fuchs.com/global/en/29079.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Percona | All | | | Unknown | [link](https://www.percona.com/blog/log4jshell-vulnerability-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Personio | All | | | Fixed | [link](https://status.personio.de/incidents/kn4c6mf6lpdv) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | Endpoint Activation | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | Eptools | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | Infinity | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | Infinity Connect Client | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | Microsoft Teams Connector | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | My Meeting Video | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | Reverse Proxy and TURN Server | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | Service | | All | Fixed | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | VMR Self-Service Portal | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Phenix Id | All | | | Unknown | [link](https://support.phenixid.se/uncategorized/log4j-fix/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Philips | Event Analytics (All VUE PACS Versions) | All | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | HealthSuite Marketplace | | 1.2 | Fixed | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Philips hosting environment has deployed a patch. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | IntelliBridge Enterprise | B.13, B.15 | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided it is customer responsibility to validate and deploy patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | IntelliSite Pathology Solution 5.1 | L1 | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | IntelliSpace Enterprise | | v11 and above | Fixed | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. Information or patch available in Inleft. Please contact your local service support team. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | IntelliSpace PACS | | | Fixed | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Philips hosting environment is evaluating the VMware provided workaround and in the process of deploying for managed service customers. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | IntelliSpace Portal Server/workstation | | v9 and above | Fixed | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. Information or patch available in Inleft. Please contact your local service support team. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Pathology De-identifier 1.0 | L1 | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Performance Bridge | | 2.0 with Practice, 3.0 | Fixed | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. Information or patch available in Inleft. Please contact your local service support team. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Pinnacle | 18.x | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Protocol Analytics | | 1.1 | Fixed | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. Information or patch available in Inleft. Please contact your local service support team. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Protocol Applications | 1.1 | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Report Analytics (All VUE PACS Versions) | All | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | RIS Clinic | | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Scanner Protocol Manager | 1.1 | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Tasy EMR | | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Univeral Data Manager (UDM) | | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Philips hosting environment is evaluating the VMware provided workaround and in the process of deploying for managed service customers. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | VuePACS | 12.2.8 | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| PHOENIX CONTACT | Cloud Services | | | Fixed | [link](https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0) | Cloud Services were either not vulnerable or are completely fixed. No exploits observed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| PHOENIX CONTACT | Physical products containing firmware | | | Not Affected | [link](https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| PHOENIX CONTACT | Software Products | | | Not Affected | [link](https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Ping Identity | PingAccess | | 4.0 <= version <= 6.3.2 | Fixed | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingCentral | | | Fixed | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingFederate | | 8.0 <= version <= 10.3.4 | Fixed | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingFederate Java Integration Kit | | < 2.7.2 | Fixed | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingFederate OAuth Playground | | < 4.3.1 | Fixed | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingIntelligence | | | Fixed | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pitney Bowes | All | | | Unknown | [link](https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Planmeca | All | | | Unknown | [link](https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Planon Software | Planon Universe | | | Not Affected | [link](https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/) | This advisory is available for customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Platform.SH | All | | | Unknown | [link](https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Plesk | All | | | Unknown | [link](https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Plex | Plex Industrial IoT | | | Not Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | This advisory is available to customer only and has not been reviewed by CISA. Mitigation already applied, patch available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Plex | Plex Media Server | | | Not Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Polycom | Cloud Relay (OTD and RealConnect hybrid use case) | | | Unknown | [link](https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Polycom | Poly Clariti Core/Edge (a.k.a. DMA/CCE) | | 9.0 and above | Fixed | [link](https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Polycom | Poly Clariti Relay | | 1.0.2 | Fixed | [link](https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Polycom | Poly RealConnect for Microsoft Teams and Skype for Business | | | Fixed | [link](https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Polycom | RealAccess | | | Fixed | [link](https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Portainer | All | | | Unknown | [link](https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PortSwigger | All | | | Unknown | [link](https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Postgres | PostgreSQL JDBC | | | Not Affected | [link](https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Postman | All | | | Unknown | [link](https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Power Admin LLC | PA File Sight | | | Not Affected | [link](https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Power Admin LLC | PA Server Monitor | | | Not Affected | [link](https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Power Admin LLC | PA Storage Monitor | | | Not Affected | [link](https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PowerDNS | dnsdist | | | Not Affected | [link](https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PowerDNS | metronome | | | Not Affected | [link](https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PowerDNS | PowerDNS Authoritative Server | | | Not Affected | [link](https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PowerDNS | PowerDNS Recursor | | | Not Affected | [link](https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Pretix | All | | | Unknown | [link](https://pretix.eu/about/de/blog/20211213-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PrimeKey | All | | | Unknown | [link](https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Procentec (HMS Group) | All | | | Not Affected | [link](https://mailchi.mp/procentec.com/security_message) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Progress | DataDirect Hybrid Data Pipeline | | | Fixed | [link](https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Progress | OpenEdge | | | Fixed | [link](https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ProofPoint | Archiving Appliance | | | Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Archiving Backend | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Cloud App Security Broker | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Cloudmark Cloud/Cloudmark Hybrid | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Cloudmark On-Premise | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Compliance Gateway | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Content Patrol | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Data Discover | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | DLP Core Engine | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Email Community | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Email Fraud Defense (EFD) | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Email Protecton OnDemand (PoD), including Email DLP and Email Encryption | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Email Security Relay | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Endpoint DLP | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Essentials Archive | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Essentials Email | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Insider Threat Management Saas | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Insiders Threat Management On-Premise | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Isolation | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | ITM Saas Endpoint Agents | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Mail Protection On-Premise (PPS), including Email DLP and Email Encryption | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Meta/ZTNA | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Nexus People Risk Explorer | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Secure Email Relay | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Secure Share | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Security Awareness Training | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Sentrion | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Social Discover | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Social Patrol | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Targeted Attack Protection (TAP) | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Threat Response (TRAP) | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Web Gateway | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Web Security | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProSeS | All | | | Unknown | [link](https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Prosys | All | | | Unknown | [link](https://prosysopc.com/news/important-security-release/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Proxmox | Backup Server | | | Not Affected | [link](https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Proxmox | Mail Gateway | | | Not Affected | [link](https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Proxmox | VE | | | Not Affected | [link](https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PRTG Paessler | All | | | Unknown | [link](https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTC | ACA Client | | | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Adapter Toolkit | | | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | AdaWorld | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ApexAda | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Arbortext Editor, Styler, and Publishing Engine | | >8.0.0.0 | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Arena | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Axeda | | | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Axeda Platform | 6.9.2 | | Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Creo Elements/Direct Model Manager | | | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Creo Parametric | | | Unknown | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Creo View | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Flexnet License Server | | | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | FlexPLM | 12.0.2.2 (CPS03), 12.0.2.3 | | Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | FlexPLM | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | FlexPLM | | 12.0.2.0 (CPS01 and CPS02) | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Implementer | | | Unknown | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Intellicus | | >=19.1 SP11 | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | OnShape | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Servigistics Service Parts Management | | 12.1, 12.2 | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Servigistics Service Parts Pricing | | 12.1, 12.2 | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Advisor Apps | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Agents | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Analytics | | 8.5, 9.0, 9.1, 9.2 | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx DPM | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Extensions | | | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Flow | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Kepware | | <=1.3 | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Manufacturing Apps | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Navigate | | 9.1, 9.2 | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Ping Federate Integration | | >=9.1 | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Platform | | >=8.5.7 | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Platform High Availability | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | WCTK | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Windchill PDMLink | 12.0.2.2 (CPS03) | | Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Windchill PDMLink | | 12.0.2.0 (CPS01 & CPS02) | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Windchill PDMLink | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Windchill Performance Advisor | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Windchill Rest Services | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Windchill RV&S(Integrity Lifcycle Manager) | | 4.6/8.6 4.6 SP0 to 12.5 | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Windchill Workgroup Manager | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTV Group | Map&Market | > 2017 | | Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | Map&Market | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Arrival Board | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Balance | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Content Update Service | | 2 (on prem) | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Developer | | | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Drive&Arrive | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Drive&Arrive App | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV EM Portal | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Epics | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Hyperpath | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV MaaS Modeller | | | Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Map&Guide Intranet | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Navigator App | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Navigator License Manager | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Optima | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Road Editor | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Route Optimiser CL | | | Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Route Optimiser ST | | on prem xServer2 | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Route Optimiser ST (TourOpt) | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Route Optimizer Saas/Demonstrator | | | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV TLN Planner Internet | | | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV TRE | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Tre-Addin | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Trip Creator | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Vissim | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Vistad Euska | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Vistro | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Visum | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Visum Publisher | | | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Viswalk | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV xServer | | 1.34 (on prem), 2 (on prem) | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV xServer | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV xServer Internet 1 | | | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV xServer Internet 2 | | | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Connect Secure (ICS) | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Neurons for Secure Access | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Neurons for ZTA | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Connect Secure | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Desktop Client | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Mobile Client | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse One | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Policy Secure | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Secure Services Director | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Secure Virtual Traffic Manager | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Secure Web Application Firewall | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse ZTA | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Puppet | Agents | | | Not Affected | [link](https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Puppet | Continuous Delivery for Puppet Enterprise | | 3.x, < 4.10.2 | Fixed | [link](https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Puppet | Enterprise | | | Not Affected | [link](https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pure Storage | Cloud Blockstore | CBS6.1.x, CBS6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | Flash Array | 5.3.x, 6.0.x, 6.1.x, 6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | Flash Blade | 3.1.x, 3.2.x, 3.3.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | PortWorx | | 2.8.0+ | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | Pure1 | | | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | VM Analytics OVA Collector | | < v3.1.4 | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| PuTTY | All | | | Not Affected | [link](https://www.chiark.greenend.org.uk/~sgtatham/putty/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pyramid Analytics | All | | | Not Affected | [link](https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Qconference | FaceTalk | | | Fixed | [link](https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| QF-Test | All | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Qlik | AIS, including ARC | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Attunity Visibility | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | AutoML | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Blendr | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | C4DL | | 6.6 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | C4DW | | 6.6, 6.6.1, 7.0 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Catalog | | 4.10.0, 4.10.1, 4.10.2, 4.11.0, 4.11.1, 4.12.0, 4.12.1 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose | | 2021.2, 2021.5, 2021.8 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose for Data Lakes | | | Not Affected | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose for Data Wharehouses | | | Not Affected | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | GeoAnalytics Plus | | 5.26.5, 5.27.5 - 5.28.2, 5.29.4 - 5.30.1, 5.31.1, 5.31.2 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | GeoAnalytics Server | | 4.19.1 - 4.27.3, 4.23.4, 4.32.3 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Nodegraph | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Nprinting | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | ODBC Connector Package | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | QEM | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Alerting | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Catalog | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Data Transfer | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Enterprise Manager | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Forts | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik RepliWeb and ARC | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Business | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Enterprise | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Enterprise SaaS | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik View | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Web Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Replicate | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | REST Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Salesforce and SAP Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | Connectos are not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| QMATIC | Appointment Booking | | 2.4+ | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v. 2.8.2 which contains log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| QMATIC | Appointment Booking | | Cloud/Managed Service | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-15 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| QMATIC | Insights | | Cloud | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | QMATIC | Orchestra Central | | | Not Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QNAP | | | | Unknown | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QOPPA | | | | Unknown | [link](https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QSC Q-SYS | | | | Unknown | [link](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QT | | | | Unknown | [link](https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Quest Global | | | | Unknown | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QES Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | Qsirch | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QTS Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QuTS Hero Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QOPPA | All | | | Unknown | [link](https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QOS.ch | SLF4J Simple Logging Facade for Java | | | Unknown | [link](https://www.slf4j.org/log4shell.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QSC Q-SYS | All | | | Unknown | [link](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QT | All | | | Unknown | [link](https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Foglight | | | Unknown | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Foglight | | 6.0 | Fixed | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Quest KACE SMA | | | Not Affected | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| R | R | | | Not Affected | [link](https://www.r-project.org/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| R2ediviewer | | | | Unknown | [link](https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Radware | | | | Unknown | [link](https://support.radware.com/app/answers/answer_view/a_id/1029752) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Rapid7 | AlcidekArt, kAdvisor, and kAudit | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | AppSpider Enterprise | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | AppSpider Pro | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Insight Agent | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightAppSec Scan Engine | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightAppSec Scan Engine | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightCloudSec/DivvyCloud | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightConnect Orchestrator | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightIDR Network Sensor | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightIDR/InsightOps Collector & Event Sources | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightOps DataHub | InsightOps DataHub <= 2.0 | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightOps non-Java logging libraries | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightOps r7insight_java logging library | <=3.0.8 | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightVM Kubernetes Monitor | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightVM/Nexpose | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightVM/Nexpose Console | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightVM/Nexpose Engine | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | IntSights virtual appliance | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Logentries DataHub | Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). Windows: Run version 1.2.0.822 in a Docker container or as a Java command per these [instructions](https://docs.logentries.com/docs/datahub-windows). You can find more details [here](https://docs.logentries.com/docs/datahub-linux). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Logentries le_java logging library | All versions: this is a deprecated component | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Metasploit Framework | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Metasploit Pro | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Metasploit Pro ships with log4j but has specific configurations applied to it that mitigate Log4Shell. A future update will contain a fully patched version of log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | tCell Java Agent | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Velociraptor | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Raritan | | | | Unknown | [link](https://www.raritan.com/support) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ravelin | | | | Unknown | [link](https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Real-Time Innovations (RTI) | Distributed Logger | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | Recording Console | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Administration Console | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Code Generator | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Code Generator Server | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Micro 3.0.0, 3.0.1, 3.0.2, 3.0.3 | | Affected | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Professional 6.0.0 and 6.0.1 | | Affected | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Monitor | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Red Hat | log4j-core | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Integration Camel K | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat build of Quarkus | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat CodeReady Studio | | 12.21.0 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Data Grid | | 8 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Decision Manager | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat Enterprise Linux | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat Enterprise Linux | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat Enterprise Linux | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat Integration Camel Quarkus | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat JBoss A-MQ Streaming | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat JBoss Enterprise Application Platform | | 7 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4) - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat JBoss Fuse | | 7 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Process Automation | | 7 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches) - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Single Sign-On | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Vert.X | | 4 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Satellite 5 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Spacewalk | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch6 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hive | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-presto | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Logging | logging-elasticsearch6-container | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenStack Platform 13 (Queens) | opendaylight | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | End of Life | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat Software Collections | rh-java-common-log4j | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat Software Collections | rh-maven35-log4j12 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat Software Collections | rh-maven36-log4j12 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red5Pro | | | | Unknown | [link](https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RedGate | | | | Unknown | [link](https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Redis | | | | Unknown | [link](https://redis.com/security/notice-apache-log4j2-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Reiner SCT | | | | Unknown | [link](https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ReportURI | | | | Unknown | [link](https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ResMed | AirView | | | Unknown | [link](https://www.resmed.com/en-us/security/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| ResMed | myAir | | | Unknown | [link](https://www.resmed.com/en-us/security/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Respondus | | | | Unknown | [link](https://support.respondus.com/support/index.php?/News/NewsItem/View/339) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Revenera / Flexera | | | | Unknown | [link](https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ricoh | | | | Unknown | [link](https://www.ricoh.com/info/2021/1215_1/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RingCentral | | | | Unknown | [link](https://www.ringcentral.com/trust-center/security-bulletin.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Riverbed | | | | Unknown | [link](https://supportkb.riverbed.com/support/index?page=content&id=S35645) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Rockwell Automation | FactoryTalk Analytics DataFlowML | 4.00.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | FactoryTalk Analytics DataView | 3.03.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | Industrial Data Center | | Gen 1, Gen 2, Gen 3, Gen 3.5 | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | MES EIG | 3.03.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | Customers should upgrade to EIG Hub if possible or work with their local representatives about alternative solutions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | VersaVirtual | | Series A | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | Warehouse Management | 4.01.00, 4.02.00, 4.02.01, 4.02.02 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rollbar | | | | Unknown | [link](https://rollbar.com/blog/log4j-zero-day-2021-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Rosette.com | | | | Unknown | [link](https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Authentication Manager | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Authentication Manager Prime | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Authentication Manager WebTier | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Governance and Lifecycle | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Governance and Lifecycle Cloud | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Identity Router | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA Netwitness | | | | Unknown | [link](https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Rstudioapi | Rstudioapi | | | Not Affected | [link](https://github.com/rstudio/rstudioapi) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Rubrik | | | | Unknown | [link](https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ruckus | Virtual SmartZone (vSZ) | 5.1 to 6.0 | | Affected | [link](https://support.ruckuswireless.com/security_bulletins/313) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| RunDeck by PagerDuty | | | | Unknown | [link](https://docs.rundeck.com/docs/history/CVEs/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Runecast | Runecast Analyzer | | 6.0.3 | Fixed | [link](https://www.runecast.com/release-notes) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SAE-IT | | | | Unknown | [link](https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SAFE FME Server | | | | Unknown | [link](https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SAGE | | | | Unknown | [link](https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SailPoint | | | | Unknown | [link](https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Salesforce | Analytics Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Analytics Cloud is reported to be affected by CVE-2021-44228. Services have been updated to mitigate the issues identified in CVE-2021-44228 and we are executing our final validation steps." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | B2C Commerce Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "B2C Commerce Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | ClickSoftware (As-a-Service) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "ClickSoftware (As-a-Service) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | ClickSoftware (On-Premise) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Please contact Customer Support." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Community Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Community Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Data.com | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Data.com is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | DataLoader | | <=53.0.0 | Fixed | [link](https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Salesforce | Datorama | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Datorama is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Evergage (Interaction Studio) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. Services have been updated to mitigate the issues identified in CVE-2021-44228 and we are executing our final validation steps." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Force.com | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Force.com is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Heroku | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Heroku is reported to not be affected by CVE-2021-44228; no further action is necessary at this time." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Marketing Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Marketing Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | MuleSoft (Cloud) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "MuleSoft (Cloud) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | MuleSoft (On-Premise) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Please contact Customer Support." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Pardot | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Pardot is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Sales Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Sales Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Service Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Service Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Slack | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Slack is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Social Studio | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Social Studio is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Tableau (On-Premise) | | < 2021.4.1 | Fixed | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | Fixed in 2021.4.1 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Salesforce | Tableau (Online) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Tableau (Online) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Analytics Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | B2C Commerce Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | ClickSoftware (As-a-Service) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | ClickSoftware (On-Premise) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Data.com | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | DataLoader | | >=53.0.2 | Fixed | [link](https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2) | This version is for use with Salesforce Winter '22 or higher release through Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Datorama | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Evergage (Interaction Studio) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Experience (Community) Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Force.com | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader version 53.0.2 or later. Follow the steps described here to download the latest version of Data Loader. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Heroku | | | Not Affected | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Heroku is reported to not be affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Marketing Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Salesforce-owned services within Marketing Cloud are not affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party vendors have been patched to address the security issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | MuleSoft (Cloud) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft services, including dataloader.io, have been updated to mitigate the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | MuleSoft (On-Premise) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors, including Private Cloud Edition (PCE) and Anypoint Studio, have a mitigation in place to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Pardot | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Sales Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Service Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Slack | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Social Studio | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Tableau (On-Premise) | | < 2021.4.1 | Fixed | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Patches to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046 are available for download. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Salesforce | Tableau (Online) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services have been patched to mitigate the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Samsung Electronics America | Knox Admin Portal | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Samsung Electronics America | Knox Asset Intelligence | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Samsung Electronics America | Knox Configure | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | @@ -2250,10 +3274,13 @@ NOTE: This file is automatically generated. To submit updates, please refer to | SEP | | | | Unknown | [link](https://support.sep.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=132) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Server Eye | | | | Unknown | [link](https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ServiceNow | | | | Unknown | [link](https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ServiceTitan | ServiceTitan | | Cloud | Fixed | [link](https://security.servicetitan.com/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-07 | | Shibboleth | | | | Unknown | [link](http://shibboleth.net/pipermail/announce/2021-December/000253.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Shibboleth | All Products | | | Not Affected | [link](https://shibboleth.net/pipermail/announce/2021-December/000253.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-10 | | Shopify | | | | Unknown | [link](https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Siebel | | | | Unknown | [link](https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | | Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | @@ -2284,15 +3311,13 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Siemens Healthineers | Somatom Emotion Som5 VC50 | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | Somatom Scope Som5 VC50 | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Siemens Healthineers | Syngo MobileViewer VA10A | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | The vulnerability will be patch/mitigated in upcoming releases\patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Siemens Healthineers | Syngo MobileViewer VA10A | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | The vulnerability will be patch/mitigated in upcoming releases/patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Please contact your Customer Service to get support on mitigating the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | syngo.via WebViewer VA13B / VA20A / VA20B | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | X.Ceed Somaris 10 VA40* | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | X.Cite Somaris 10 VA30*/VA40* | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | | Sierra Wireless | | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Sierra Wireless | AirVantage and Octave cloud platforms | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) | These systems do not operate with the specific non-standard configuration required for CVE-2021-25046 and hence were not vulnerable to it. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Sierra Wireless | AM/AMM servers | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | @@ -2393,8 +3418,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Splunk | Splunk UBA OVA Software | 5.0.3a, 5.0.0 | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-30 | | Splunk | Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) | 1.1.1 and older | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-30 | | Sprecher Automation | | | | Unknown | [link](https://www.sprecher-automation.com/en/it-security/security-alerts) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Spring Boot | | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Spring | Spring Boot | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Spring Boot | | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | StarDog | | | | Unknown | [link](https://community.stardog.com/t/stardog-7-8-1-available/3411) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | STERIS | Advantage | | | Unknown | [link](https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | STERIS | Advantage Plus | | | Unknown | [link](https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | @@ -2568,6 +3593,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | TPLink | Omega Controller | Linux/Windows(all) | | Affected | [link](https://www.tp-link.com/us/support/faq/3255) | Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as potential workaround. Though that should now be done with 2.16 | [Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | TrendMicro | All | | | Unknown | [link](https://success.trendmicro.com/solution/000289940) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Tricentis Tosca | | | | Unknown | [link](https://support-hub.tricentis.com/open?number=NEW0001148&id=post) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Tridium | | | | Unknown | [link](https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf) | Document access requires authentication. CISA is not able to validate vulnerability status. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 | | Trimble | eCognition | 10.2.0 Build 4618 | | Affected | | Remediation steps provided by Trimble | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | | Tripp Lite | LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) | | | Unknown | [link](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-04 | | Tripp Lite | PowerAlert Local (PAL) | | | Unknown | [link](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-04 | @@ -2636,6 +3662,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Venafi | | | | Unknown | [link](https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Veritas NetBackup | | | | Unknown | [link](https://www.veritas.com/content/support/en_US/article.100052070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Vertica | | | | Unknown | [link](https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Video Insight Inc. | Video Insight | | | Not Affected | [link](https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability) | Video Insight is a part of Panasonic I-Pro. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 | | Viso Trust | | | | Unknown | [link](https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | VMware | API Portal for VMware Tanzu | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | VMware | App Metrics | 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | @@ -2676,60 +3703,226 @@ NOTE: This file is automatically generated. To submit updates, please refer to | VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | VTScada | All | | | Not Affected | [link](https://www.vtscada.com/vtscada-unaffected-by-log4j/) | Java is not utilized within VTScada software, and thus our users are unaffected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Vyaire | | | | Unknown | [link](https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| WAGO | WAGO Smart Script | 4.2.x < 4.8.1.3 | | Affected | [link](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Wallarm | | | | Unknown | [link](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wasp Barcode technologies | | | | Unknown | [link](https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WatchGuard | Secplicity | | | Unknown | [link](https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WAGO | WAGO Smart Script | | 4.2.x < 4.8.1.3 | Fixed | [link](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Wallarm | All | | | Unknown | [link](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wasp Barcode technologies | All | | | Unknown | [link](https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Watcher | All | | | Not Affected | [link](https://twitter.com/felix_hrn/status/1470387338001977344) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | AuthPoint | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Dimension | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | EDPR and Panda AD360 | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Firebox | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | System Manager, Dimension, and Panda AD360 | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Threat Detection and Response | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Wi-Fi Cloud | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Western Digital | | | | Unknown | [link](https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WIBU Systems | CodeMeter Cloud Lite | 2.2 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| WIBU Systems | CodeMeter Keyring for TIA Portal | 1.30 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| WindRiver | | | | Unknown | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WireShark | | | | Unknown | [link](https://gitlab.com/wireshark/wireshark/-/issues/17783) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wistia | | | | Unknown | [link](https://status.wistia.com/incidents/jtg0dfl5l224) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WitFoo | | | | Unknown | [link](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WordPress | | | | Unknown | [link](https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Worksphere | | | | Unknown | [link](https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wowza | | | | Unknown | [link](https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WSO2 | WSO2 Enterprise Integrator | 6.1.0 and above | | Affected | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| XCP-ng | | | | Unknown | [link](https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WIBU Systems | CodeMeter Cloud Lite | | 2.2 and prior | Fixed | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| WIBU Systems | CodeMeter Keyring for TIA Portal | | 1.30 and prior | Fixed | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| WildFly | All | | | Not Affected | [link](https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | LTS17 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | LTS18 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | LTS19 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | LTS21 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wind River | WRL-6 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | WRL-7 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | WRL-8 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | WRL-9 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| WireShark | All | | | Not Affected | [link](https://www.wireshark.org/news/20211215.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Wistia | All | | | Unknown | [link](https://status.wistia.com/incidents/jtg0dfl5l224) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WitFoo | Precinct | | 6.x | Fixed | [link](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WordPress | All | | | Not Affected | [link](https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Worksphere | All | | | Unknown | [link](https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wowza | Streaming Engine | | 4.7.8, 4.8.x | Fixed | [link](https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WSO2 | API Manager | | >= 3.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | API Manager Analytics | | >= 2.6.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Enterprise Integrator | | >= 6.1.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Enterprise Integrator Analytics | | >= 6.6.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server | | >= 5.9.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server Analytics | | >= 5.7.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server as Key Manager | | >= 5.9.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Gateway | | >= 3.2.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator | | >= 1.1.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator Dashboard | | >= 4.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator Monitoring Dashboard | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking AM | | >= 2.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking BI | | >= 1.3.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking KM | | >= 2.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Integrator | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Integrator Tooling | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Processor | | >= 4.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| XCP-ng | All | | | Not Affected | [link](https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | XenForo | | | | Unknown | [link](https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Xerox | | | | Unknown | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| XPertDoc | | | | Unknown | [link](https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| XPLG | | | | Unknown | [link](https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| XWIKI | | | | Unknown | [link](https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Xylem | Aquatalk | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Avensor | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Configuration change complete | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus Analytics | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus Automation Control Configuration change complete | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus Cathodic Protection Mitigation in process Mitigation in process | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus FieldLogic LogServer | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus Lighting Control | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus NetMetrics Configuration change complete | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xerox | AltaLink Products | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | CareAR | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 8700 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 8870 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 8880 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 9201 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 9301 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | DocuCentre SC2020 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ElemX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Core | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Express to Print | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Makeready | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Output Manager | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Print Manager - APP | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Variable Information Suite | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Nuvera EA Perfecting Production Systems | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Nuvera EA Production Systems | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3300 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3320 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3330 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3435 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3600 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3610 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3635 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 4510 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 4622 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6000 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6020 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6022 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6280 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6510 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6600 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6700 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 7800 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 8860 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | PrimeLink Products | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Versalink Products | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 33xx | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 3615 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 4260 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 4265 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5135 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5150 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5225 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5230 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 53XX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5645 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5655 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5740 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5745 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5755 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5765 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 58XX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5945 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5955 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6025 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6400 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6515 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6605 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6655 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7425 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7435 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7525 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7535 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7556 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7830 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7835 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7855 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7970i | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre ECXX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Account Payable Services | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox App Gallery | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B1022/25 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B225 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B230 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B235 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B310 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Baltoro HF Inkjet Press | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Branded ConnectKey Applications | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox C230 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox C235 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox C310 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Campaigns on Demand | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Color EC70 Printer | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox D110 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox D125 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox D95A | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Digital Mailroom Services | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox ECXX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox ED125 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox ED95A | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox iGen 5 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Instant Print Kiosk | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Intelligent Workplace Services (All Including XDM, XDA, CWW) | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Iridesse Production Press | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox J75 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Print and Scan Experience | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Team Availability Application | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 180 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 280 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 3100 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 4100 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workflow Central Platform | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workplace Kiosk | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workplace Suite | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workspace Cloud | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | XMPie Data-Driven Print and VDP | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | XMPie Omnichannel Communications | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | XMPie Web to Print | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| XPertDoc | All | | | Unknown | [link](https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| XPLG | All | | | Unknown | [link](https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| XWIKI | All | | | Unknown | [link](https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xylem | Aquatalk | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Avensor | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Configuration change complete | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus Analytics | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus Automation Control Configuration change complete | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus Cathodic Protection Mitigation in process Mitigation in process | | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus FieldLogic LogServer | | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus Lighting Control | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus NetMetrics Configuration change complete | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Xylem | Sensus RNI On Prem | 4.7 through 4.10, 4.4 through 4.6, 4.2 | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus RNI Saas | 4.7 through 4.10, 4.4 through 4.6, 4.2 | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus SCS | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Smart Irrigation | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Water Loss Management (Visenti) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Xylem Cloud | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Xylem Edge Gateway (xGW) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus RNI Saas | | 4.7 through 4.10, 4.4 through 4.6, 4.2 | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus SCS | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Smart Irrigation | | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Water Loss Management (Visenti) | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Xylem Cloud | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Xylem Edge Gateway (xGW) | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Yahoo | Vespa | | | Not Affected | [link](https://blog.vespa.ai/log4j-vulnerability/) | Your Vespa application may still be affected if log4j is included in your application package. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Yellowbrick | | | | Unknown | [link](https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| YellowFin | | | | Unknown | [link](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| YOKOGAWA | | | | Unknown | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| YSoft SAFEQ | | | | Unknown | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| YellowFin | All | | 8.0.10.3, 9.7.0.2 | Fixed | [link](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | v7 and v6 releases are not affected unless you have manually upgraded to Log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Yenlo | Connext | | | Not Affected | [link](https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/) | Connext Platform (Managed WSO2 Cloud) and all underlying middleware components are not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| YOKOGAWA | CENTUM VP | | | Unknown | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | CENTUM VP (other components) | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is still under investigation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | CI Server | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaopc | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaplog | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaquantum | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | FAST/TOOLS | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | PRM | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | ProSafe-RS | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | ProSafe-RS Lite | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | STARDOM | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | VTSPortal | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YSoft | SAFEQ 4 | | | Not Affected | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| YSoft | SAFEQ 5 | | | Not Affected | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| YSoft | SAFEQ 6 | | <=6.0.63 | Fixed | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | | Zabbix | | | | Unknown | [link](https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ZAMMAD | | | | Unknown | [link](https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zaproxy | | | | Unknown | [link](https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zebra | | | | Unknown | [link](https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zeiss | Cataract Suite | | 1.3.1 | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | EQ Workplace | | 1.6, 1.8 | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | FORUM | | 4.2.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Glaucoma Workplace | | 3.5.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Laser Treatment Workplace | | 1.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Retina Workplace | | 2.5.x, 2.6.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | | Zendesk | All Products | All Versions | | Affected | [link](https://support.zendesk.com/hc/en-us/articles/4413583476122) | Zendesk products are all cloud-based; thus there are no updates for the customers to install as the company is working on patching their infrastructure and systems. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Zenoss | | | | Unknown | [link](https://support.zenoss.com/hc/en-us) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zentera Systems, Inc. | CoIP Access Platform | | | Not Affected | [link](https://support.zentera.net/hc/en-us/articles/4416227743511--CVE-2021-44228-Log4Shell-Vulnerability-in-Apache-Log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Zerto | | | | Unknown | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zerto | Cloud Appliance | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Cloud Manager | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Virtual Manager | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Virtual Replication Appliance | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | | Zesty | | | | Unknown | [link](https://www.zesty.io/mindshare/company-announcements/log4j-exploit/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zimbra | | | | Unknown | [link](https://bugzilla.zimbra.com/show_bug.cgi?id=109428) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zix | | | | Unknown | [link](https://status.appriver.com/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Zoom | | | | Unknown | [link](https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zoho | Online | | | Unknown | [link](https://help.zoho.com/portal/en/community/topic/update-on-the-recent-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zoom | | | | Not Affected | [link](https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ZPE systems Inc | | | | Unknown | [link](https://support.zpesystems.com/portal/en/kb/articles/is-nodegrid-os-and-zpe-cloud-affected-by-cve-2021-44228-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zscaler | See Link (Multiple Products) | | | Unknown | [link](https://trust.zscaler.com/posts/9581) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Zyxel | | | | Unknown | [link](https://www.zyxel.com/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zyxel | All other products | | | Not Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Zyxel | Netlas Element Management System (EMS) | | | Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | Hotfix availibility Dec. 20 2021. Patch availability in end of Feb. 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Zyxel | Security Firewall/Gateways | | | Not Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | diff --git a/config/SOFTWARE-LIST.tpl.md b/config/SOFTWARE-LIST.tpl.md index 25bd21f..6dc7340 100644 --- a/config/SOFTWARE-LIST.tpl.md +++ b/config/SOFTWARE-LIST.tpl.md @@ -12,10 +12,11 @@ ## Software List ## -This list was initially populated using information from the following sources: +This list has been populated using information from the following sources: - Kevin Beaumont - SwitHak +- National Cyber Security Centre - Netherlands (NCSC-NL) NOTE: This file is automatically generated. To submit updates, please refer to [`CONTRIBUTING.md`](CONTRIBUTING.md). diff --git a/config/requirements.txt b/config/requirements.txt index e5b41a2..76c9f9b 100644 --- a/config/requirements.txt +++ b/config/requirements.txt @@ -1 +1 @@ -https://github.com/cisagov/log4j-md-yml/archive/v1.1.0.tar.gz +https://github.com/cisagov/log4j-md-yml/archive/v1.1.1.tar.gz diff --git a/data/cisagov.yml b/data/cisagov.yml index 286186c..f681472 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -154,18 +154,20 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ABB - product: '' + - vendor: 7Signal + product: Sapphire cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -178,13 +180,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch - notes: '' + - https://www.7signal.com/info/se-release-notes + notes: Fix released 2021-12-14 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-14T00:00:00' - vendor: ABB - product: ABB Remote Service + product: AlarmInsight Cloud cves: cve-2021-4104: investigated: false @@ -193,10 +195,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ABB Remote Platform (RAP) + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -207,13 +209,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: AlarmInsight Cloud + product: B&R Products cves: cve-2021-4104: investigated: false @@ -221,11 +224,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - AlarmInsight KPI Dashboards 1.0.0 + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -236,13 +239,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: B&R Products + product: Remote Service cves: cve-2021-4104: investigated: false @@ -250,10 +254,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - See Vendor Advisory - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -266,13 +270,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Abbott - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -296,12 +300,12 @@ software: unaffected_versions: [] vendor_links: - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html - notes: '' + notes: Details are shared with customers with an active RAP subscription. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Abnormal Security - product: Abnormal Security + - vendor: Abbott + product: GLP Track System cves: cve-2021-4104: investigated: false @@ -309,8 +313,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Track Sample Manager (TSM) + - Track Workflow Manager (TWM) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -324,13 +330,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://abnormalsecurity.com/blog/attackers-use-email-log4j-vulnerability - notes: '' + - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html + notes: Abbott will provide a fix for this in a future update expected in January + 2022. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Accellence - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Abnormal Security + product: All cves: cve-2021-4104: investigated: false @@ -338,10 +345,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -353,13 +361,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.accellence.de/en/articles/national-vulnerability-database-62 + - https://abnormalsecurity.com/blog/attackers-use-email-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Accellion - product: Kiteworks + - vendor: Accellence Technologies + product: EBÜS cves: cve-2021-4104: investigated: false @@ -370,7 +378,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - v7.6 release + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -383,18 +391,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/ - notes: '"As a precaution, Kiteworks released a 7.6.1 Hotfix software update to - address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 - contained in the Solr package as recommended by Apache Solr group. Specifically, - it updates the Log4j library to a non-vulnerable version on CentOS 7 systems - as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” - to disable the possible attack vector on both CentOS 6 and CentOS 7."' + - https://www.accellence.de/en/articles/cve-2021-44228-62 + notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several + 3rd-party software setups, which may be affected. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Acquia - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accellence Technologies + product: Vimacc cves: cve-2021-4104: investigated: false @@ -402,10 +406,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -417,13 +422,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 + - https://www.accellence.de/en/articles/cve-2021-44228-62 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Acronis - product: '' + - vendor: Accellion + product: Kiteworks cves: cve-2021-4104: investigated: false @@ -431,9 +436,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v7.6 release unaffected_versions: [] cve-2021-45046: investigated: false @@ -446,13 +452,18 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security-advisory.acronis.com/advisories/SEC-3859 - notes: '' + - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/ + notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address + the vulnerability. This patch release adds the mitigation for CVE-2021-44228 + contained in the Solr package as recommended by Apache Solr group. Specifically, + it updates the Log4j library to a non-vulnerable version on CentOS 7 systems + as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" + to disable the possible attack vector on both CentOS 6 and CentOS 7. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ActiveState - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Accruent + product: Analytics cves: cve-2021-4104: investigated: false @@ -460,9 +471,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -475,13 +487,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/ + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adaptec - product: '' + - vendor: Accruent + product: Asset Enterprise cves: cve-2021-4104: investigated: false @@ -489,10 +501,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -504,13 +517,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Addigy - product: '' + - vendor: Accruent + product: BigCenter cves: cve-2021-4104: investigated: false @@ -518,9 +531,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -533,13 +547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adeptia - product: '' + - vendor: Accruent + product: EMS cves: cve-2021-4104: investigated: false @@ -547,10 +561,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -562,13 +577,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adobe ColdFusion - product: '' + - vendor: Accruent + product: Evoco cves: cve-2021-4104: investigated: false @@ -576,9 +591,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -591,13 +607,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ADP - product: '' + - vendor: Accruent + product: Expesite cves: cve-2021-4104: investigated: false @@ -605,9 +621,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -620,43 +637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: Active MFT - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA - references: - - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT + - vendor: Accruent + product: Famis 360 cves: cve-2021-4104: investigated: false @@ -664,9 +651,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -679,14 +667,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Lucernex cves: cve-2021-4104: investigated: false @@ -694,9 +681,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -709,14 +697,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Maintenance Connection cves: cve-2021-4104: investigated: false @@ -724,10 +711,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -739,14 +727,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: AFAS Software - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Meridian cves: cve-2021-4104: investigated: false @@ -754,9 +741,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -769,13 +757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANcart + - vendor: Accruent + product: Single Sign On (SSO, Central Auth) cves: cve-2021-4104: investigated: false @@ -787,7 +775,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -799,13 +787,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANmobile + - vendor: Accruent + product: SiteFM3 cves: cve-2021-4104: investigated: false @@ -815,9 +803,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -829,13 +817,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANServer + - vendor: Accruent + product: SiteFM4 cves: cve-2021-4104: investigated: false @@ -845,9 +833,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -859,13 +847,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANsuite + - vendor: Accruent + product: Siterra cves: cve-2021-4104: investigated: false @@ -875,9 +863,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -889,13 +877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANupdate + - vendor: Accruent + product: TMS cves: cve-2021-4104: investigated: false @@ -907,7 +895,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -919,13 +907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANweb + - vendor: Accruent + product: VxField cves: cve-2021-4104: investigated: false @@ -937,7 +925,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -949,13 +937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Agilysys - product: '' + - vendor: Accruent + product: VxMaintain cves: cve-2021-4104: investigated: false @@ -963,9 +951,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -978,13 +967,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Akamai - product: SIEM Splunk Connector + - vendor: Accruent + product: VxObserve cves: cve-2021-4104: investigated: false @@ -993,9 +982,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1008,13 +997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://splunkbase.splunk.com/app/4310/ - notes: v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Alcatel - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxSustain cves: cve-2021-4104: investigated: false @@ -1022,9 +1011,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1037,13 +1027,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dokuwiki.alu4u.com/doku.php?id=log4j + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alertus - product: '' + - vendor: Acquia + product: All cves: cve-2021-4104: investigated: false @@ -1066,13 +1056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US + - https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alexion - product: '' + - vendor: Acronis + product: Backup cves: cve-2021-4104: investigated: false @@ -1080,10 +1070,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '11.7' cve-2021-45046: investigated: false affected_versions: [] @@ -1095,13 +1086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alfresco - product: '' + - vendor: Acronis + product: Cyber Backup cves: cve-2021-4104: investigated: false @@ -1109,10 +1100,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '12.5' cve-2021-45046: investigated: false affected_versions: [] @@ -1124,13 +1116,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717 + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AlienVault - product: '' + - vendor: Acronis + product: Cyber Files cves: cve-2021-4104: investigated: false @@ -1138,10 +1130,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.6.2 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1153,13 +1146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228 + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alphatron Medical - product: '' + - vendor: Acronis + product: Cyber Infrastructure cves: cve-2021-4104: investigated: false @@ -1167,10 +1160,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '3.5' + - 4.x cve-2021-45046: investigated: false affected_versions: [] @@ -1182,13 +1177,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.alphatronmedical.com/home.html + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Athena + - vendor: Acronis + product: Cyber Protect cves: cve-2021-4104: investigated: false @@ -1196,10 +1191,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '15' cve-2021-45046: investigated: false affected_versions: [] @@ -1211,13 +1207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS + - vendor: Acronis + product: Cyber Protection Home Office cves: cve-2021-4104: investigated: false @@ -1229,8 +1225,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Linux 1 - - '2' + - 2017 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1241,16 +1236,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: 'Notes: Amazon Linux 1 had aws apitools which were Java based but these - were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). - AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 - and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2' + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: AWS API Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: DeviceLock DLP cves: cve-2021-4104: investigated: false @@ -1260,9 +1253,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '9.0' cve-2021-45046: investigated: false affected_versions: [] @@ -1274,13 +1267,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Amazon - product: AWS CloudHSM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Files Connect cves: cve-2021-4104: investigated: false @@ -1289,10 +1282,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 3.4.1. + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 10.7 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1304,13 +1297,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS Connect + - vendor: Acronis + product: MassTransit cves: cve-2021-4104: investigated: false @@ -1320,9 +1313,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8.1' + - '8.2' cve-2021-45046: investigated: false affected_versions: [] @@ -1334,15 +1328,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Vendors recommend evaluating components of the environment outside of the - Amazon Connect service boundary, which may require separate/additional customer - mitigation + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Amazon - product: AWS DynamoDB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Snap Deploy cves: cve-2021-4104: investigated: false @@ -1352,9 +1344,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5' + - '6' cve-2021-45046: investigated: false affected_versions: [] @@ -1366,13 +1359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS EKS, ECS, Fargate + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ActiveState + product: All cves: cve-2021-4104: investigated: false @@ -1380,47 +1373,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Unknown - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache “Log4j2" utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions - references: - - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Amazon - product: AWS ElastiCache - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1432,13 +1388,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS ELB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: '360' cves: cve-2021-4104: investigated: false @@ -1448,9 +1404,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1462,13 +1418,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Amazon - product: AWS Inspector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: Agents cves: cve-2021-4104: investigated: false @@ -1478,9 +1434,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1492,13 +1448,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS Kinesis Data Stream + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: Application cves: cve-2021-4104: investigated: false @@ -1507,44 +1463,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: We are actively patching all sub-systems that use Log4j2 by applying updates. - The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library - (KPL) are not impacted. For customers using KCL 1.x, we have released an updated - version and we strongly recommend that all KCL version 1.x customers upgrade - to KCL version 1.14.5 (or higher) - references: - - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS Lambda - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - Unknown - fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1556,13 +1478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS Lambda + - vendor: Acunetix + product: IAST - ASP.NET cves: cve-2021-4104: investigated: false @@ -1571,10 +1493,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1586,13 +1508,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS RDS + - vendor: Acunetix + product: IAST - NodeJS cves: cve-2021-4104: investigated: false @@ -1602,9 +1524,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1616,14 +1538,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified - in CVE-2021-44228 + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS S3 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - PHP cves: cve-2021-4104: investigated: false @@ -1633,9 +1554,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1647,13 +1568,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS SNS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST-Java cves: cve-2021-4104: investigated: false @@ -1664,7 +1585,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -1677,15 +1598,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon SNS systems that serve customer traffic are patched against the - Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate - separately from SNS’s systems that serve customer traffic + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: AcuSensor IAST module needs attention. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS SQS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adaptec + product: All cves: cve-2021-4104: investigated: false @@ -1693,10 +1612,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1709,13 +1627,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: CloudFront + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Addigy + product: All cves: cve-2021-4104: investigated: false @@ -1738,13 +1656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: CloudWatch + - vendor: Adeptia + product: Connect cves: cve-2021-4104: investigated: false @@ -1752,9 +1670,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '3.3' + - '3.4' + - '3.5' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1767,13 +1688,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: EC2 + - vendor: Adeptia + product: Suite cves: cve-2021-4104: investigated: false @@ -1783,9 +1704,11 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Amazon Linux 1 & 2 + fixed_versions: + - 6.9.9 + - 6.9.10 + - 6.9.11 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1797,13 +1720,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: ELB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Automated Forms Conversion Service cves: cve-2021-4104: investigated: false @@ -1811,8 +1734,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1826,13 +1750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: KMS + - vendor: Adobe + product: ColdFusion cves: cve-2021-4104: investigated: false @@ -1840,10 +1764,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.3 Forms on JEE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All versions from 6.3 GA to 6.3.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1855,13 +1810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: OpenSearch + - vendor: Adobe + product: Experience Manager 6.4 Forms Designer cves: cve-2021-4104: investigated: false @@ -1871,7 +1826,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Unknown + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1885,13 +1840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: RDS + - vendor: Adobe + product: Experience Manager 6.4 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1899,9 +1854,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions from 6.4 GA to 6.4.8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1914,13 +1870,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Route 53 + - vendor: Adobe + product: Experience Manager 6.5 Forms Designer cves: cve-2021-4104: investigated: false @@ -1928,9 +1884,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1943,13 +1900,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: S3 + - vendor: Adobe + product: Experience Manager 6.5 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1957,9 +1914,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions from 6.5 GA to 6.5.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1972,13 +1930,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Translate + - vendor: Adobe + product: Experience Manager Forms on OSGi cves: cve-2021-4104: investigated: false @@ -1986,10 +1944,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2001,13 +1960,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/translate/ - notes: Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: VPC + - vendor: Adobe + product: Experience Manager Forms Workbench cves: cve-2021-4104: investigated: false @@ -2015,10 +1974,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2030,12 +1990,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AMD + - vendor: ADP product: All cves: cve-2021-4104: @@ -2058,15 +2018,44 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Advanced Micro Devices (AMD) + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] vendor_links: - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 - notes: Currently, no AMD products have been identified as affected. AMD is continuing - its analysis. + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Anaconda - product: Anaconda + last_updated: '2022-02-02T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: Active MFT cves: cve-2021-4104: investigated: false @@ -2078,7 +2067,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 4.10.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2090,13 +2079,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.conda.io/projects/conda/en/latest/index.html - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: ActiveMQ Artemis + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT cves: cve-2021-4104: investigated: false @@ -2108,7 +2098,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2120,18 +2110,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://activemq.apache.org/news/cve-2021-44228 - notes: ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 - is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). - Although this version of Log4j is not impacted by CVE-2021-44228 future versions - of Artemis will be updated so that the Log4j jar is no longer included in the - web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) - for more information on that task. + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: Airflow + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Gateway cves: cve-2021-4104: investigated: false @@ -2139,10 +2125,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2154,13 +2141,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/airflow/tree/main/airflow - notes: Airflow is written in Python + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Camel + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Server cves: cve-2021-4104: investigated: false @@ -2169,11 +2157,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.14.1.3.11.5 - - 3.7.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2185,17 +2172,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ - notes: Apache Camel does not directly depend on Log4j 2, so we are not affected - by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own - applications, make sure to upgrade.Apache Camel does use log4j during testing - itself, and therefore you can find that we have been using log4j v2.13.3 release - in our latest LTS releases Camel 3.7.6, 3.11.4. + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel 2 + last_updated: '2021-12-14T00:00:00' + - vendor: AFHCAN Global LLC + product: AFHCANcart cves: cve-2021-4104: investigated: false @@ -2203,10 +2187,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2218,13 +2203,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel JBang + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANmobile cves: cve-2021-4104: investigated: false @@ -2233,10 +2218,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <=3.1.4 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2248,13 +2233,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel K + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANServer cves: cve-2021-4104: investigated: false @@ -2262,10 +2247,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2277,13 +2263,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel Karaf + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANsuite cves: cve-2021-4104: investigated: false @@ -2291,10 +2277,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2306,14 +2293,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ - notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release - with updated log4j. + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel Quarkus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANupdate cves: cve-2021-4104: investigated: false @@ -2321,10 +2307,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://afhcan.org/support.aspx + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANweb + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2336,13 +2353,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: CamelKafka Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Agilysys + product: All cves: cve-2021-4104: investigated: false @@ -2365,13 +2382,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Druid + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Mobile cves: cve-2021-4104: investigated: false @@ -2380,10 +2397,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < druid 0.22.0 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.6+ cve-2021-45046: investigated: false affected_versions: [] @@ -2395,13 +2412,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/druid/releases/tag/druid-0.22.1 + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Apache - product: Flink + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Other products cves: cve-2021-4104: investigated: false @@ -2411,12 +2428,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 1.14.2 - - 1.13.5 - - 1.12.7 - - 1.11.6 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - version 8.5.4.86 (and above) cve-2021-45046: investigated: false affected_versions: [] @@ -2428,17 +2442,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://flink.apache.org/2021/12/10/log4j-cve.html - notes: 'To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 - releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were - skipped because CVE-2021-45046 was discovered during the release publication. - The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade - for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046.' + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' references: - - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' - last_updated: '2021-12-12T00:00:00' - - vendor: Apache - product: Kafka + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: PRD cves: cve-2021-4104: investigated: false @@ -2450,7 +2460,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '2.0' cve-2021-45046: investigated: false affected_versions: [] @@ -2462,14 +2472,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kafka.apache.org/cve-list - notes: The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, - not v2. + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Apache - product: Kafka + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AIL + product: All cves: cve-2021-4104: investigated: false @@ -2478,10 +2487,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2493,13 +2502,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html - notes: Only vulnerable in certain configuration(s) + - https://twitter.com/ail_project/status/1470373644279119875 + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Log4j + - vendor: Akamai + product: Enterprise Application Access (EAA) Connector cves: cve-2021-4104: investigated: false @@ -2508,10 +2517,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.15.0 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2523,13 +2532,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Solr + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Integration Connector cves: cve-2021-4104: investigated: false @@ -2540,8 +2549,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 7.4.0 to 7.7.3 - - 8.0.0 to 8.11.0 + - <1.7.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2554,13 +2562,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 - notes: Update to 8.11.1 or apply fixes as described in Solr security advisory + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 + and CVE-2021-45105. references: - - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' - last_updated: '2021-12-16T00:00:00' - - vendor: Apache - product: Struts 2 + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Splunk Connector cves: cve-2021-4104: investigated: false @@ -2568,10 +2577,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - Versions before 2.5.28.1 - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - < 1.4.10 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2584,16 +2593,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://struts.apache.org/announce-2021 - notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is - available as a “General Availability” release. The GA designation is our highest - quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by - using the latest Log4j 2.12.2 version (Java 1.7 compatible). + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. + Although it includes the vulnerable Log4J component, it is not used by the connector. references: - - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: Tomcat + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Alcatel + product: All cves: cve-2021-4104: investigated: false @@ -2602,8 +2609,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - 9.0.x + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2617,21 +2623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tomcat.apache.org/security-9.html - notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications - deployed on Apache Tomcat may have a dependency on log4j. You should seek support - from the application vendor in this instance. It is possible to configure Apache - Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit - configuration and the addition of the log4j 2.x library. Anyone who has switched - Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. - In most cases, disabling the problematic feature will be the simplest solution. - Exactly how to do that depends on the exact version of log4j 2.x being used. - Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + - https://dokuwiki.alu4u.com/doku.php?id=log4j + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: APC by Schneider Electric - product: Powerchute Business Edition + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alertus + product: Console cves: cve-2021-4104: investigated: false @@ -2642,11 +2640,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - v9.5 - - v10.0.1 - - v10.0.2 - - v10.0.3 - - v10.0.4 + - 5.15.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2659,13 +2653,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APC by Schneider Electric - product: Powerchute Network Shutdown + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alexion + product: Alexion CRM cves: cve-2021-4104: investigated: false @@ -2675,12 +2669,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '4.2' - - '4.3' - - '4.4' - - 4.4.1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2692,13 +2683,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Apereo - product: CAS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alfresco + product: Alfresco cves: cve-2021-4104: investigated: false @@ -2707,10 +2698,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.3.x & 6.4.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2722,13 +2713,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://apereo.github.io/2021/12/11/log4j-vuln/ + - https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apereo - product: Opencast + - vendor: AlienVault + product: All cves: cve-2021-4104: investigated: false @@ -2736,10 +2727,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 9.10 - - < 10.6 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2753,13 +2742,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 + - https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apigee - product: '' + - vendor: Alphatron Medical + product: AmiSconnect cves: cve-2021-4104: investigated: false @@ -2767,10 +2756,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2782,13 +2772,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.apigee.com/incidents/3cgzb0q2r10p + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apollo - product: '' + - vendor: Alphatron Medical + product: Custo Diagnostics cves: cve-2021-4104: investigated: false @@ -2796,8 +2786,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '5.4' + - '5.6' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2811,13 +2803,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.apollographql.com/t/log4j-vulnerability/2214 + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appdynamics - product: '' + - vendor: Alphatron Medical + product: JiveX cves: cve-2021-4104: investigated: false @@ -2825,10 +2817,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2840,13 +2833,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appeon - product: PowerBuilder + - vendor: Alphatron Medical + product: Zorgbericht cves: cve-2021-4104: investigated: false @@ -2855,10 +2848,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Appeon PowerBuilder 2017-2021 regardless of product edition + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2869,13 +2862,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: AppGate - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AMS cves: cve-2021-4104: investigated: false @@ -2883,9 +2877,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2898,13 +2893,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Work in progress, portion of customers may still be vulnerable. Actively + monitoring this issue, and are working on addressing it for any AMS services + which use Log4j2. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appian - product: Appian Platform + - vendor: Amazon + product: API Gateway cves: cve-2021-4104: investigated: false @@ -2915,7 +2912,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2928,13 +2925,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Application Performance Ltd - product: DBMarlin + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena cves: cve-2021-4104: investigated: false @@ -2942,10 +2939,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - Not Affected - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2957,13 +2954,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Application Performance Ltd - product: DBMarlin + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena JDBC Driver cves: cve-2021-4104: investigated: false @@ -2971,10 +2969,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2986,13 +2985,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: All versions vended to customers were not affected. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APPSHEET - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS cves: cve-2021-4104: investigated: false @@ -3000,10 +2999,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Linux 1 + - '2' cve-2021-45046: investigated: false affected_versions: [] @@ -3015,13 +3016,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated + in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). + AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 + and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aptible - product: Aptible + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS AppFlow cves: cve-2021-4104: investigated: false @@ -3030,9 +3034,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ElasticSearch 5.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3045,13 +3049,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aqua Security - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS AppSync cves: cve-2021-4104: investigated: false @@ -3059,9 +3063,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3074,13 +3079,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arbiter Systems - product: All + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager cves: cve-2021-4104: investigated: false @@ -3088,9 +3093,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3103,13 +3109,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arbiter.com/news/index.php?id=4403 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: ARC Informatique - product: All + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager Private CA cves: cve-2021-4104: investigated: false @@ -3119,7 +3125,8 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3132,13 +3139,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Arca Noae - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS CloudHSM cves: cve-2021-4104: investigated: false @@ -3146,9 +3153,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 3.4.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -3161,13 +3169,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/ - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arcserve - product: Arcserve Backup + - vendor: Amazon + product: AWS CodeBuild cves: cve-2021-4104: investigated: false @@ -3177,9 +3185,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3191,13 +3199,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve Continuous Availability + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodePipeline cves: cve-2021-4104: investigated: false @@ -3207,9 +3215,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3221,13 +3229,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve Email Archiving + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Connect cves: cve-2021-4104: investigated: false @@ -3237,9 +3245,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3251,13 +3259,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Vendors recommend evaluating components of the environment outside of the + Amazon Connect service boundary, which may require separate/additional customer + mitigation. references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve UDP + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS Directory Service cves: cve-2021-4104: investigated: false @@ -3267,9 +3277,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 6.5-8.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3281,13 +3291,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: ShadowProtect + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS DynamoDB cves: cve-2021-4104: investigated: false @@ -3297,9 +3307,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3311,13 +3321,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: ShadowXafe + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ECS cves: cve-2021-4104: investigated: false @@ -3327,9 +3337,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3341,13 +3351,19 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Solo + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS EKS cves: cve-2021-4104: investigated: false @@ -3357,9 +3373,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3371,13 +3387,19 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: StorageCraft OneXafe + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Elastic Beanstalk cves: cve-2021-4104: investigated: false @@ -3389,7 +3411,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3401,13 +3423,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Default configuration of applications usage of Log4j versions is not vulnerable. references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: ArcticWolf - product: '' + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ElastiCache cves: cve-2021-4104: investigated: false @@ -3415,9 +3437,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3430,13 +3453,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://arcticwolf.com/resources/blog/log4j + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arduino - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ELB cves: cve-2021-4104: investigated: false @@ -3444,9 +3467,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3459,13 +3483,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ariba - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Fargate cves: cve-2021-4104: investigated: false @@ -3473,9 +3497,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3488,13 +3513,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available + as platform versions. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arista - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Glue cves: cve-2021-4104: investigated: false @@ -3502,9 +3528,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3517,13 +3544,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Has been updated. Vulnerable only if ETL jobs load affected versions of + Apache Log4j. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aruba Networks - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Greengrass cves: cve-2021-4104: investigated: false @@ -3531,9 +3559,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3546,13 +3575,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure + Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, + an update for the Stream Manager feature is included in Greengrass patch versions + 1.10.5 and 1.11.5. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ataccama - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Inspector cves: cve-2021-4104: investigated: false @@ -3560,9 +3592,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3575,13 +3608,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Atera - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS IoT SiteWise Edge cves: cve-2021-4104: investigated: false @@ -3589,9 +3622,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3604,13 +3638,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/ - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all AWS IoT SiteWise Edge components that use Log4j were made + available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher + (v2.0.2). references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Atlassian - product: Bamboo Server & Data Center + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS Kinesis Data Streams cves: cve-2021-4104: investigated: false @@ -3620,9 +3656,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3634,14 +3670,18 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: We are actively patching all sub-systems that use Log4j2 by applying updates. + The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library + (KPL) are not impacted. For customers using KCL 1.x, we have released an updated + version and we strongly recommend that all KCL version 1.x customers upgrade + to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are + not vulnerable. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Atlassian - product: Bitbucket Server & Data Center + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS KMS cves: cve-2021-4104: investigated: false @@ -3650,9 +3690,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3665,14 +3705,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product is not vulnerable to remote code execution but may leak information - due to the bundled Elasticsearch component being vulnerable. + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Atlassian - product: Confluence Server & Data Center + - vendor: Amazon + product: AWS Lambda cves: cve-2021-4104: investigated: false @@ -3682,9 +3721,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3696,14 +3735,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Vulnerable when using aws-lambda-java-log4j2. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Atlassian - product: Crowd Server & Data Center + - vendor: Amazon + product: AWS Polly cves: cve-2021-4104: investigated: false @@ -3713,9 +3751,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3727,14 +3765,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Atlassian - product: Crucible + - vendor: Amazon + product: AWS QuickSight cves: cve-2021-4104: investigated: false @@ -3744,9 +3781,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3758,14 +3795,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Atlassian - product: Fisheye + - vendor: Amazon + product: AWS RDS cves: cve-2021-4104: investigated: false @@ -3775,9 +3811,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3789,14 +3825,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified + in CVE-2021-44228. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Atlassian - product: Jira Server & Data Center + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS S3 cves: cve-2021-4104: investigated: false @@ -3806,9 +3842,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3820,14 +3856,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Attivo networks - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SDK cves: cve-2021-4104: investigated: false @@ -3835,10 +3870,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3850,45 +3886,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Atvise - product: All + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Secrets Manager cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen - notes: The security vulnerability does NOT affect our applications and products - or pose any threat. This applies to all Bachmann applications and products, - including atvise solutions. + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: AudioCodes - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Service Catalog cves: cve-2021-4104: investigated: false @@ -3896,9 +3930,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3911,13 +3946,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://services.audiocodes.com/app/answers/kbdetail/a_id/2225 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Autodesk - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS SNS cves: cve-2021-4104: investigated: false @@ -3925,9 +3960,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3940,20 +3976,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html - notes: Autodesk is continuing to perform a thorough investigation in relation - to the recently discovered Apache Log4j security vulnerabilities. We continue - to implement several mitigating factors for our products including patching, - network firewall blocks, and updated detection signatures to reduce the threat - of this vulnerability and enhance our ability to quickly respond to potential - malicious activity. We have not identified any compromised systems in the Autodesk - environment due to this vulnerability, at this time. This is an ongoing investigation - and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon SNS systems that serve customer traffic are patched against the + Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate + separately from SNS’s systems that serve customer traffic. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Automox - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SQS cves: cve-2021-4104: investigated: false @@ -3961,9 +3992,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3976,13 +4008,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Autopsy - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager cves: cve-2021-4104: investigated: false @@ -3990,9 +4022,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4005,13 +4038,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.autopsy.com/autopsy-and-log4j-vulnerability/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Auvik - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager Agent cves: cve-2021-4104: investigated: false @@ -4019,10 +4052,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4034,13 +4068,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.auvik.com/incidents/58bfngkz69mj + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Avantra SYSLINK - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Textract cves: cve-2021-4104: investigated: false @@ -4048,9 +4082,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4063,13 +4098,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Avaya - product: Avaya Analytics + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Chime cves: cve-2021-4104: investigated: false @@ -4078,13 +4113,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '3.5' - - '3.6' - - 3.6.1 - - '3.7' - - '4' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4097,13 +4128,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon Chime and Chime SDK services have been updated to mitigate the issues + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura for OneCloud Private + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cloud Directory cves: cve-2021-4104: investigated: false @@ -4111,9 +4143,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4126,16 +4159,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: Avaya is scanning and monitoring its OneCloud Private environments as part - of its management activities. Avaya will continue to monitor this fluid situation - and remediations will be made as patches become available, in accordance with - appropriate change processes. + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Application Enablement Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: CloudFront cves: cve-2021-4104: investigated: false @@ -4144,11 +4174,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.1.3.2 - - 8.1.3.3 - - '10.1' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4161,13 +4189,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Contact Center + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: CloudWatch cves: cve-2021-4104: investigated: false @@ -4176,13 +4204,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.0.2 - - 7.0.3 - - '7.1' - - 7.1.1 - - 7.1.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4195,13 +4219,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Device Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cognito cves: cve-2021-4104: investigated: false @@ -4210,12 +4234,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '8' - - '8.1' - - 8.1.4 - - 8.1.5 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4228,13 +4249,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Device Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Corretto cves: cve-2021-4104: investigated: false @@ -4243,12 +4264,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.0.1 - - 8.0.2 - - 8.1.3 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4260,13 +4279,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: 10/19 release distribution does not include Log4j. Vulnerable only if customers + applications use affected versions of Apache Log4j. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Media Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: DocumentDB cves: cve-2021-4104: investigated: false @@ -4275,11 +4295,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.0.0 - - 8.0.1 - - 8.0.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4292,13 +4310,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - - '[PSN020549u](https://download.avaya.com/css/secure/documents/101079316)' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Presence Services + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EC2 cves: cve-2021-4104: investigated: false @@ -4307,18 +4325,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '10.1' - - 7.1.2 - - '8' - - 8.0.1 - - 8.0.2 - - '8.1' - - 8.1.1 - - 8.1.2 - - 8.1.3 - - 8.1.4 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4331,13 +4340,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux + 2022 is affected. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Session Manager + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: ECR Public cves: cve-2021-4104: investigated: false @@ -4346,16 +4356,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '10.1' - - 7.1.3 - - '8' - - 8.0.1 - - '8.1' - - 8.1.1 - - 8.1.2 - - 8.1.3 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4368,13 +4371,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon-owned images published under a Verified Account on Amazon ECR Public + are not affected by the Log4j issue. references: - - '[PSN020550u](https://download.avaya.com/css/public/documents/101079384)' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® System Manager + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Elastic Load Balancing cves: cve-2021-4104: investigated: false @@ -4383,10 +4387,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '10.1' - - 8.1.3 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4399,13 +4402,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Services have been updated. All Elastic Load Balancers, as well as Classic, + Application, Network and Gateway, are not affected by this Log4j issue. references: - - '[PSN005565u](https://download.avaya.com/css/secure/documents/101079390)' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Web Gateway + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: EMR cves: cve-2021-4104: investigated: false @@ -4414,13 +4418,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.11[P] - - 3.8.1[P] - - 3.8[P] - - 3.9.1 [P] - - 3.9[P] - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4433,13 +4433,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Many customers are estimated to be vulnerable. Vulnerable only if affected + EMR releases are used and untrusted sources are configured to be processed. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Breeze™ + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EventBridge cves: cve-2021-4104: investigated: false @@ -4448,11 +4449,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '3.7' - - '3.8' - - 3.8.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4465,13 +4464,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Contact Center Select + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Fraud Detector cves: cve-2021-4104: investigated: false @@ -4480,13 +4479,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.0.2 - - 7.0.3 - - '7.1' - - 7.1.1 - - 7.1.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4499,13 +4494,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya CRM Connector - Connected Desktop + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector cves: cve-2021-4104: investigated: false @@ -4514,9 +4509,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '2.2' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4529,13 +4524,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Device Enablement Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector Classic cves: cve-2021-4104: investigated: false @@ -4544,9 +4539,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.1.22 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4559,13 +4554,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Meetings + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kafka (MSK) cves: cve-2021-4104: investigated: false @@ -4574,11 +4569,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 9.1.10 - - 9.1.11 - - 9.1.12 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4591,13 +4584,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Applying updates as required, portion of customers may still be vulnerable. + Some MSK-specific service components use Log4j > 2.0.0 library and are being + patched where needed. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya one cloud private -UCaaS - Mid Market Aura + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kendra cves: cve-2021-4104: investigated: false @@ -4606,9 +4601,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '1' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4621,13 +4616,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya OneCloud-Private + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Keyspaces (for Apache Cassandra) cves: cve-2021-4104: investigated: false @@ -4636,9 +4631,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '2' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4651,13 +4646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Session Border Controller for Enterprise + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis cves: cve-2021-4104: investigated: false @@ -4666,13 +4661,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.0.1 - - '8.1' - - 8.1.1 - - 8.1.2 - - 8.1.3 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4685,13 +4676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - - '[PSN020554u](https://download.avaya.com/css/public/documents/101079394)' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Social Media Hub + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis Data Analytics cves: cve-2021-4104: investigated: false @@ -4699,9 +4690,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4714,13 +4706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Workforce Engagement + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lake Formation cves: cve-2021-4104: investigated: false @@ -4729,9 +4721,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '5.3' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4744,13 +4736,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Update in progress, portion of customers may still be vulnerable. AWS Lake + Formation service hosts are being updated to the latest version of Log4j. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Business Rules Engine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lex cves: cve-2021-4104: investigated: false @@ -4759,12 +4752,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '3.4' - - '3.5' - - '3.6' - - '3.7' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4777,13 +4767,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Callback Assist + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Linux (AL1) cves: cve-2021-4104: investigated: false @@ -4792,11 +4782,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '5' - - 5.0.1 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4808,13 +4797,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM + layer issue is available. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Control Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Linux (AL2) cves: cve-2021-4104: investigated: false @@ -4823,10 +4813,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 9.0.2 - - 9.0.2.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4839,13 +4828,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: By default not vulnerable, and a new version of Amazon Kinesis Agent which + is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j + issue in JVM layer is available. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Device Enrollment Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lookout for Equipment cves: cve-2021-4104: investigated: false @@ -4854,9 +4845,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '3.1' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4869,13 +4860,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Equinox™ Conferencing + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Macie cves: cve-2021-4104: investigated: false @@ -4884,9 +4875,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 9.1.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4899,13 +4890,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Interaction Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Macie Classic cves: cve-2021-4104: investigated: false @@ -4914,9 +4905,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.3.9 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4929,13 +4920,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: IP Office™ Platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Managed Workflows for Apache Airflow (MWAA) cves: cve-2021-4104: investigated: false @@ -4944,12 +4935,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 11.0.4 - - '11.1' - - 11.1.1 - - 11.1.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4962,13 +4950,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Proactive Outreach Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: MemoryDB for Redis cves: cve-2021-4104: investigated: false @@ -4977,12 +4965,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.1.2 - - 3.1.3 - - '4' - - 4.0.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4995,13 +4980,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: AVEPOINT - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Monitron cves: cve-2021-4104: investigated: false @@ -5009,9 +4994,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5024,13 +5010,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.avepoint.com/company/java-zero-day-vulnerability-notification + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AVM - product: '' + - vendor: Amazon + product: MQ cves: cve-2021-4104: investigated: false @@ -5038,9 +5024,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5053,13 +5040,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AvTech RoomAlert - product: '' + - vendor: Amazon + product: Neptune cves: cve-2021-4104: investigated: false @@ -5067,9 +5054,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5082,13 +5070,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://avtech.com/articles/23124/java-exploit-room-alert-link/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AWS New - product: '' + - vendor: Amazon + product: NICE cves: cve-2021-4104: investigated: false @@ -5096,9 +5084,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5112,12 +5101,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: Recommended to update EnginFrame or Log4j library. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AXON - product: '' + - vendor: Amazon + product: OpenSearch cves: cve-2021-4104: investigated: false @@ -5125,9 +5114,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - R20211203-P2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5140,13 +5130,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Update released, customers need to update their clusters to the fixed release. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AXS Guard - product: '' + - vendor: Amazon + product: Pinpoint cves: cve-2021-4104: investigated: false @@ -5154,9 +5144,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5169,13 +5160,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Axways Applications - product: '' + - vendor: Amazon + product: RDS Aurora cves: cve-2021-4104: investigated: false @@ -5183,9 +5174,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5198,13 +5190,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.axway.com/news/1331/lang/en + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: B&R Industrial Automation - product: APROL + - vendor: Amazon + product: RDS for Oracle cves: cve-2021-4104: investigated: false @@ -5212,9 +5204,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5227,13 +5220,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: BackBox - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Redshift cves: cve-2021-4104: investigated: false @@ -5241,9 +5234,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5256,13 +5250,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Balbix - product: '' + - vendor: Amazon + product: Rekognition cves: cve-2021-4104: investigated: false @@ -5270,9 +5264,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5285,13 +5280,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Baramundi Products - product: '' + - vendor: Amazon + product: Route 53 cves: cve-2021-4104: investigated: false @@ -5299,9 +5294,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5314,13 +5310,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875 + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Barco - product: '' + - vendor: Amazon + product: SageMaker cves: cve-2021-4104: investigated: false @@ -5328,9 +5324,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5343,13 +5340,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.barco.com/en/support/knowledge-base/kb12495 - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable + only if customers applications use affected versions of Apache Log4j. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Barracuda - product: '' + - vendor: Amazon + product: Simple Notification Service (SNS) cves: cve-2021-4104: investigated: false @@ -5357,9 +5355,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5372,13 +5371,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.barracuda.com/company/legal/trust-center - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Systems that serve customer traffic are patched against the Log4j2 issue. + Working to apply the patch to sub-systems that operate separately from SNSs + systems that serve customer traffic. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Baxter - product: '' + - vendor: Amazon + product: Simple Queue Service (SQS) cves: cve-2021-4104: investigated: false @@ -5386,9 +5387,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5401,13 +5403,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: APEX® Compounder + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Workflow Service (SWF) cves: cve-2021-4104: investigated: false @@ -5415,9 +5417,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5430,13 +5433,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Single Sign-On cves: cve-2021-4104: investigated: false @@ -5444,9 +5447,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5459,13 +5463,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: Outlook® Safety Infusion System Pump family + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Step Functions cves: cve-2021-4104: investigated: false @@ -5473,9 +5477,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5488,13 +5493,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: Pinnacle® Compounder + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Timestream cves: cve-2021-4104: investigated: false @@ -5502,9 +5507,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5517,13 +5523,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: Pump, SpaceStation, and Space® Wireless Battery) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Translate cves: cve-2021-4104: investigated: false @@ -5531,10 +5537,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5546,14 +5553,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf - notes: '' + - https://aws.amazon.com/translate/ + notes: Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® - Space® Infusion + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: VPC cves: cve-2021-4104: investigated: false @@ -5561,9 +5567,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5576,13 +5583,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Arctic Sun™ Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: WorkSpaces/AppStream 2.0 cves: cve-2021-4104: investigated: false @@ -5590,9 +5597,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5605,13 +5613,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Not affected with default configurations. WorkDocs Sync client versions + 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, + are vulnerable; For update instruction, see source for more info. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Diabetes Care App Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AMD + product: All cves: cve-2021-4104: investigated: false @@ -5619,10 +5629,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5634,13 +5645,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + notes: Currently, no AMD products have been identified as affected. AMD is continuing + its analysis. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Clinical Advisor + last_updated: '2021-12-22T00:00:00' + - vendor: Anaconda + product: All cves: cve-2021-4104: investigated: false @@ -5648,10 +5660,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 4.10.3 cve-2021-45046: investigated: false affected_versions: [] @@ -5663,13 +5676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://docs.conda.io/projects/conda/en/latest/index.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Data Manager + last_updated: '2021-12-21T00:00:00' + - vendor: AOMEI + product: All cves: cve-2021-4104: investigated: false @@ -5677,10 +5690,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5692,13 +5706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Diversion Management + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: ActiveMQ Artemis cves: cve-2021-4104: investigated: false @@ -5706,10 +5720,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5721,13 +5736,18 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://activemq.apache.org/news/cve-2021-44228 + notes: ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 + is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). + Although this version of Log4j is not impacted by CVE-2021-44228 future versions + of Artemis will be updated so that the Log4j jar is no longer included in the + web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) + for more information on that task. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Infection Advisor + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: Airflow cves: cve-2021-4104: investigated: false @@ -5735,10 +5755,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5750,13 +5771,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Airflow is written in Python references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Inventory Optimization Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Archiva cves: cve-2021-4104: investigated: false @@ -5764,9 +5785,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.2.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5779,13 +5801,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.2.6. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Medication Safety + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Camel cves: cve-2021-4104: investigated: false @@ -5793,10 +5815,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5808,13 +5831,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: Apache Camel does not directly depend on Log4j 2, so we are not affected + by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own + applications, make sure to upgrade.Apache Camel does use log4j during testing + itself, and therefore you can find that we have been using log4j v2.13.3 release + in our latest LTS releases Camel 3.7.6, 3.11.4. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for BD Pyxis™ Supply + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel 2 cves: cve-2021-4104: investigated: false @@ -5822,10 +5849,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5837,13 +5865,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for Infusion Technologies + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel JBang cves: cve-2021-4104: investigated: false @@ -5851,8 +5879,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <=3.1.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -5866,13 +5895,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for Medication Technologies + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel K cves: cve-2021-4104: investigated: false @@ -5880,10 +5909,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5895,13 +5925,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Synapsys™ Informatics Solution + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Kafka Connector cves: cve-2021-4104: investigated: false @@ -5909,10 +5939,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5924,13 +5955,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Veritor™ COVID At Home Solution Cloud + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Karaf cves: cve-2021-4104: investigated: false @@ -5938,8 +5969,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -5953,13 +5985,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release + with updated log4j. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Beckman Coulter - product: '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Quarkus cves: cve-2021-4104: investigated: false @@ -5967,10 +6000,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5982,13 +6016,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Beijer Electronics - product: acirro+ + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Cassandra cves: cve-2021-4104: investigated: false @@ -5996,10 +6030,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6011,13 +6046,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: BFI frequency inverters + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Druid cves: cve-2021-4104: investigated: false @@ -6025,9 +6060,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 0.22.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6040,13 +6076,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://github.com/apache/druid/releases/tag/druid-0.22.1 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: BSD servo drives + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Dubbo cves: cve-2021-4104: investigated: false @@ -6054,9 +6090,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -6069,13 +6106,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://github.com/apache/dubbo/issues/9380 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: CloudVPN + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Flink cves: cve-2021-4104: investigated: false @@ -6083,9 +6120,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.15.0 + - 1.14.2 + - 1.13.5 + - 1.12.7 + - 1.11.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6098,13 +6140,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' + - https://flink.apache.org/2021/12/10/log4j-cve.html + notes: To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, + which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped + because CVE-2021-45046 was discovered during the release publication. The new + 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j + to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: FnIO-G and M Distributed IO + - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Fortress cves: cve-2021-4104: investigated: false @@ -6112,9 +6158,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 2.0.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6127,13 +6174,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.0.7. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: iX Developer + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Geode cves: cve-2021-4104: investigated: false @@ -6141,9 +6188,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.14.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6156,13 +6204,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.12.6, 1.13.5, 1.14.1. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: Nexto modular PLC + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Guacamole cves: cve-2021-4104: investigated: false @@ -6170,10 +6218,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6185,13 +6234,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: Nexto Xpress compact controller + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Hadoop cves: cve-2021-4104: investigated: false @@ -6199,10 +6248,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6214,13 +6264,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: WARP Engineering Studio + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: HBase cves: cve-2021-4104: investigated: false @@ -6228,8 +6278,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6243,13 +6294,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Bender - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Hive cves: cve-2021-4104: investigated: false @@ -6257,9 +6308,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -6272,14 +6324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bender.de/en/cert + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response - (RTIR) - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: James cves: cve-2021-4104: investigated: false @@ -6287,8 +6338,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.6.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6302,13 +6354,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BeyondTrust Bomgar - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Jena cves: cve-2021-4104: investigated: false @@ -6316,9 +6368,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 4.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6331,13 +6384,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BeyondTrust - product: Privilege Management Cloud + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JMeter cves: cve-2021-4104: investigated: false @@ -6346,9 +6399,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Unknown + affected_versions: + - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -6361,13 +6414,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Privilege Management Reporting in BeyondInsight + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JSPWiki cves: cve-2021-4104: investigated: false @@ -6378,7 +6431,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '21.2' + - 2.11.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6391,13 +6444,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Secure Remote Access appliances + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Kafka cves: cve-2021-4104: investigated: false @@ -6409,7 +6462,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6421,13 +6474,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell - notes: '' + - https://kafka.apache.org/cve-list + notes: Uses Log4j 1.2.17. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BioMerieux - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Log4j 1.x cves: cve-2021-4104: investigated: false @@ -6435,10 +6488,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6450,13 +6504,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.biomerieux.com/en/cybersecurity-data-privacy + - https://logging.apache.org/log4j/2.x/security.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: BisectHosting - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Log4j 2.x cves: cve-2021-4104: investigated: false @@ -6464,8 +6518,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.17.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6479,13 +6534,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html - notes: '' + - https://logging.apache.org/log4j/2.x/security.html + notes: Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitDefender - product: '' + - vendor: Apache + product: Maven cves: cve-2021-4104: investigated: false @@ -6493,10 +6548,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6508,13 +6564,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitNami By VMware - product: '' + - vendor: Apache + product: NiFi cves: cve-2021-4104: investigated: false @@ -6522,10 +6578,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6537,13 +6594,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.bitnami.com/general/security/security-2021-12-10/ - notes: '' + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitRise - product: '' + - vendor: Apache + product: OFBiz cves: cve-2021-4104: investigated: false @@ -6551,9 +6608,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 18.12.03 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6566,13 +6624,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228 + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Bitwarden - product: '' + - vendor: Apache + product: Ozone cves: cve-2021-4104: investigated: false @@ -6580,9 +6638,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.2.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6595,13 +6654,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2 - notes: '' + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Biztory - product: Fivetran + - vendor: Apache + product: SkyWalking cves: cve-2021-4104: investigated: false @@ -6609,9 +6668,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 8.9.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6624,13 +6684,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.biztory.com/blog/apache-log4j2-vulnerability + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - - Vendor review indicated Fivetran is not vulnerable to Log4j2 + - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Black Kite - product: '' + - vendor: Apache + product: SOLR cves: cve-2021-4104: investigated: false @@ -6638,9 +6698,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 7.4.0 to 7.7.3 + - 8.0.0 to 8.11.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6653,13 +6715,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/ - notes: '' + - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 + notes: Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several + configurations. references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Blancco - product: '' + - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' + last_updated: '2021-12-16T00:00:00' + - vendor: Apache + product: Spark cves: cve-2021-4104: investigated: false @@ -6667,10 +6730,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6682,13 +6746,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library - notes: '' + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Uses log4j 1.x references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Blumira - product: '' + - vendor: Apache + product: Struts cves: cve-2021-4104: investigated: false @@ -6696,8 +6760,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.5.28 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6711,13 +6776,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.blumira.com/cve-2021-44228-log4shell/ + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Bladelogic Database Automation + - vendor: Apache + product: Struts 2 cves: cve-2021-4104: investigated: false @@ -6725,9 +6790,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Versions before 2.5.28.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6740,13 +6806,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' + - https://struts.apache.org/announce-2021 + notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is + available as a General Availability release. The GA designation is our highest + quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by + using the latest Log4j 2.12.2 version (Java 1.7 compatible). references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops + - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: Tapestry cves: cve-2021-4104: investigated: false @@ -6754,8 +6823,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 5.7.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6769,13 +6839,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Products + - vendor: Apache + product: Tika cves: cve-2021-4104: investigated: false @@ -6783,8 +6853,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.0.0 and up fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6798,13 +6869,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware + - vendor: Apache + product: Tomcat cves: cve-2021-4104: investigated: false @@ -6815,7 +6886,8 @@ software: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6827,13 +6899,21 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' + - https://tomcat.apache.org/security-9.html + notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications + deployed on Apache Tomcat may have a dependency on log4j. You should seek support + from the application vendor in this instance. It is possible to configure Apache + Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit + configuration and the addition of the log4j 2.x library. Anyone who has switched + Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. + In most cases, disabling the problematic feature will be the simplest solution. + Exactly how to do that depends on the exact version of log4j 2.x being used. + Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Automation Console + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: TrafficControl cves: cve-2021-4104: investigated: false @@ -6841,8 +6921,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6856,13 +6937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Business Workflows + - vendor: Apache + product: ZooKeeper cves: cve-2021-4104: investigated: false @@ -6870,10 +6951,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6885,13 +6967,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Client Management + - vendor: APC by Schneider Electric + product: Powerchute Business Edition cves: cve-2021-4104: investigated: false @@ -6899,9 +6981,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v9.5 + - v10.0.1 + - v10.0.2 + - v10.0.3 + - v10.0.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6914,13 +7001,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Cloud Cost + last_updated: '2021-12-15T00:00:00' + - vendor: APC by Schneider Electric + product: Powerchute Network Shutdown cves: cve-2021-4104: investigated: false @@ -6928,9 +7015,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '4.2' + - '4.3' + - '4.4' + - 4.4.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6943,13 +7034,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Cloud Security + last_updated: '2021-12-15T00:00:00' + - vendor: Apereo + product: CAS cves: cve-2021-4104: investigated: false @@ -6957,9 +7048,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 6.3.x + - 6.4.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -6972,13 +7065,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' + - https://apereo.github.io/2021/12/11/log4j-vuln/ + notes: Other versions still in active maintainance might need manual inspection. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix CMDB + - vendor: Apereo + product: Opencast cves: cve-2021-4104: investigated: false @@ -6986,9 +7079,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 9.10 + - < 10.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -7001,13 +7096,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Continuous Optimization + - vendor: Apigee + product: Edge and OPDK products cves: cve-2021-4104: investigated: false @@ -7015,10 +7110,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7030,13 +7126,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://status.apigee.com/incidents/3cgzb0q2r10p notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Control-M + - vendor: Apollo + product: All cves: cve-2021-4104: investigated: false @@ -7059,13 +7155,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://community.apollographql.com/t/log4j-vulnerability/2214 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Digital Workplace + - vendor: Appdynamics + product: All cves: cve-2021-4104: investigated: false @@ -7088,13 +7184,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Discovery + - vendor: Appeon + product: PowerBuilder cves: cve-2021-4104: investigated: false @@ -7102,8 +7198,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Appeon PowerBuilder 2017-2021 regardless of product edition fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7117,13 +7214,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix ITSM + last_updated: '2021-12-15T00:00:00' + - vendor: AppGate + product: All cves: cve-2021-4104: investigated: false @@ -7146,13 +7243,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Knowledge Management + - vendor: Appian + product: Appian Platform cves: cve-2021-4104: investigated: false @@ -7160,9 +7257,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -7175,13 +7273,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Operations Management with AIOps + last_updated: '2021-12-22T00:00:00' + - vendor: Application Performance Ltd + product: DBMarlin cves: cve-2021-4104: investigated: false @@ -7192,7 +7290,8 @@ software: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7204,13 +7303,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Platform + last_updated: '2021-12-15T00:00:00' + - vendor: APPSHEET + product: All cves: cve-2021-4104: investigated: false @@ -7233,13 +7332,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix platform + - vendor: Aptible + product: All cves: cve-2021-4104: investigated: false @@ -7247,9 +7346,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Search 5.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -7262,13 +7362,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Remediate + - vendor: Aqua Security + product: All cves: cve-2021-4104: investigated: false @@ -7291,13 +7391,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Remediate + - vendor: Arbiter Systems + product: All cves: cve-2021-4104: investigated: false @@ -7305,10 +7405,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7320,13 +7421,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.arbiter.com/news/index.php?id=4403 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Remedyforce + last_updated: '2021-12-22T00:00:00' + - vendor: ARC Informatique + product: All cves: cve-2021-4104: investigated: false @@ -7334,7 +7435,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -7349,13 +7450,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Virtual Agent + last_updated: '2022-01-13T00:00:00' + - vendor: Arca Noae + product: All cves: cve-2021-4104: investigated: false @@ -7378,13 +7479,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Cloud Lifecycle Management + - vendor: Arcserve + product: Arcserve Backup cves: cve-2021-4104: investigated: false @@ -7392,10 +7493,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7407,13 +7509,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Control-M + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve Continuous Availability cves: cve-2021-4104: investigated: false @@ -7421,10 +7523,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7436,13 +7539,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Footprints + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve Email Archiving cves: cve-2021-4104: investigated: false @@ -7450,10 +7553,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7465,13 +7569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: MainView Middleware Administrator + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve UDP cves: cve-2021-4104: investigated: false @@ -7479,10 +7583,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 6.5-8.3 cve-2021-45046: investigated: false affected_versions: [] @@ -7494,13 +7599,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: MainView Middleware Monitor + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: ShadowProtect cves: cve-2021-4104: investigated: false @@ -7508,10 +7613,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: ShadowXafe + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7523,13 +7659,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Remedy ITSM (IT Service Management) + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Solo cves: cve-2021-4104: investigated: false @@ -7537,10 +7673,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: StorageCraft OneXafe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7552,13 +7719,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: SmartIT + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: ArcticWolf + product: All cves: cve-2021-4104: investigated: false @@ -7581,13 +7748,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://arcticwolf.com/resources/blog/log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Track-It! + - vendor: Arduino + product: IDE cves: cve-2021-4104: investigated: false @@ -7595,9 +7762,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.8.17 unaffected_versions: [] cve-2021-45046: investigated: false @@ -7610,13 +7778,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Automation for Networks + - vendor: Ariba + product: All cves: cve-2021-4104: investigated: false @@ -7639,13 +7807,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Automation for Servers + - vendor: Arista + product: Analytics Node for Converged Cloud Fabric cves: cve-2021-4104: investigated: false @@ -7653,8 +7821,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '>7.0.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7668,13 +7837,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Capacity Optimization + - vendor: Arista + product: Analytics Node for DANZ Monitoring Fabric cves: cve-2021-4104: investigated: false @@ -7682,8 +7851,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '>7.0.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7697,13 +7867,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Monitoring Fabric references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Infrastructure Management + - vendor: Arista + product: CloudVision Portal cves: cve-2021-4104: investigated: false @@ -7711,8 +7881,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '>2019.1.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7726,13 +7897,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Operations Management + - vendor: Arista + product: CloudVision Wi-Fi, virtual or physical appliance cves: cve-2021-4104: investigated: false @@ -7740,8 +7911,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '>8.8' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7755,13 +7927,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Orchestration + - vendor: Arista + product: Embedded Analytics for Converged Cloud Fabric cves: cve-2021-4104: investigated: false @@ -7769,8 +7941,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '>5.3.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7784,13 +7957,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Bosch - product: '' + - vendor: Aruba Networks + product: AirWave Management Platform cves: cve-2021-4104: investigated: false @@ -7798,10 +7971,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7813,13 +7987,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/ + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Boston Scientific - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Analytics and Location Engine cves: cve-2021-4104: investigated: false @@ -7827,10 +8001,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7842,13 +8017,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Box - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS SD-WAN Gateways cves: cve-2021-4104: investigated: false @@ -7856,10 +8031,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7871,13 +8047,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.box.com/boxs-statement-recent-log4j-vulnerability-cve-2021-44228 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Brainworks - product: '' + - vendor: Aruba Networks + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -7885,10 +8061,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7900,13 +8077,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.brainworks.de/log4j-exploit-kerio-connect-workaround/ + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BrightSign - product: '' + - vendor: Aruba Networks + product: ArubaOS-CX Switches cves: cve-2021-4104: investigated: false @@ -7914,10 +8091,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7929,13 +8107,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://brightsign.atlassian.net/wiki/spaces/DOC/pages/370679198/Security+Statement+Log4J+Meltdown+and+Spectre+Vulnerabilities#SecurityStatement%3ALog4J%2CMeltdownandSpectreVulnerabilities-JavaApacheLog4j + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Advanced Secure Gateway (ASG) + - vendor: Aruba Networks + product: ArubaOS-S Switches cves: cve-2021-4104: investigated: false @@ -7943,10 +8121,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7958,13 +8137,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Automic Automation + - vendor: Aruba Networks + product: Central cves: cve-2021-4104: investigated: false @@ -7972,10 +8151,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7987,13 +8167,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.broadcom.com/external/article?articleId=230308 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: BCAAA + - vendor: Aruba Networks + product: Central On-Prem cves: cve-2021-4104: investigated: false @@ -8001,10 +8181,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8016,13 +8197,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: CA Advanced Authentication + - vendor: Aruba Networks + product: ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -8031,10 +8212,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '9.1' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8045,13 +8226,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: CA Risk Authentication + - vendor: Aruba Networks + product: EdgeConnect cves: cve-2021-4104: investigated: false @@ -8059,10 +8241,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8073,13 +8256,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: CA Strong Authentication + - vendor: Aruba Networks + product: Fabric Composer (AFC) cves: cve-2021-4104: investigated: false @@ -8087,10 +8271,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8101,13 +8286,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Cloud Workload Protection (CWP) + - vendor: Aruba Networks + product: HP ProCurve Switches cves: cve-2021-4104: investigated: false @@ -8115,10 +8301,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8130,13 +8317,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Cloud Workload Protection for Storage (CWP:S) + - vendor: Aruba Networks + product: Instant cves: cve-2021-4104: investigated: false @@ -8144,10 +8331,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8159,13 +8347,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: CloudSOC Cloud Access Security Broker (CASB) + - vendor: Aruba Networks + product: Instant Access Points cves: cve-2021-4104: investigated: false @@ -8173,10 +8361,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8188,13 +8377,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Content Analysis (CA) + - vendor: Aruba Networks + product: Instant On cves: cve-2021-4104: investigated: false @@ -8202,10 +8391,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8217,13 +8407,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Critical System Protection (CSP) + - vendor: Aruba Networks + product: IntroSpect cves: cve-2021-4104: investigated: false @@ -8231,9 +8421,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Versions 2.5.0.0 to 2.5.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -8246,13 +8437,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Data Center Security (DCS) + - vendor: Aruba Networks + product: Legacy GMS Products cves: cve-2021-4104: investigated: false @@ -8260,9 +8451,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8275,13 +8467,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Data Loss Prevention (DLP) + - vendor: Aruba Networks + product: Legacy NX cves: cve-2021-4104: investigated: false @@ -8289,10 +8481,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8304,13 +8497,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Email Security Service (ESS) + - vendor: Aruba Networks + product: Legacy VRX cves: cve-2021-4104: investigated: false @@ -8318,10 +8511,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8333,13 +8527,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Ghost Solution Suite (GSS) + - vendor: Aruba Networks + product: Legacy VX cves: cve-2021-4104: investigated: false @@ -8347,10 +8541,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8362,13 +8557,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: HSM Agent + - vendor: Aruba Networks + product: NetEdit cves: cve-2021-4104: investigated: false @@ -8376,10 +8571,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8391,13 +8587,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Industrial Control System Protection (ICSP) + - vendor: Aruba Networks + product: Plexxi Composable Fabric Manager (CFM) cves: cve-2021-4104: investigated: false @@ -8405,10 +8601,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8420,13 +8617,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Integrated Cyber Defense Manager (ICDm) + - vendor: Aruba Networks + product: Silver Peak Orchestrator cves: cve-2021-4104: investigated: false @@ -8434,9 +8631,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8449,13 +8647,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Integrated Secure Gateway (ISG) + - vendor: Aruba Networks + product: User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -8463,10 +8661,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8478,13 +8677,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: IT Management Suite + - vendor: Aruba Networks + product: VIA Clients cves: cve-2021-4104: investigated: false @@ -8492,10 +8691,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8507,13 +8707,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Layer7 API Developer Portal + - vendor: Ataccama + product: All cves: cve-2021-4104: investigated: false @@ -8536,13 +8736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Layer7 API Gateway + - vendor: Atera + product: All cves: cve-2021-4104: investigated: false @@ -8565,13 +8765,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Layer7 Mobile API Gateway + - vendor: Atlassian + product: Bamboo Server & Data Center cves: cve-2021-4104: investigated: false @@ -8579,8 +8779,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - On Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8594,13 +8795,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: Only vulnerable when using non-default config, cloud version fixed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Management Center (MC) + - vendor: Atlassian + product: Bitbucket Server & Data Center cves: cve-2021-4104: investigated: false @@ -8608,9 +8809,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - On prem unaffected_versions: [] cve-2021-45046: investigated: false @@ -8623,13 +8825,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: This product is not vulnerable to remote code execution but may leak information + due to the bundled Elasticsearch component being vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: PacketShaper (PS) S-Series + - vendor: Atlassian + product: Confluence Server & Data Center cves: cve-2021-4104: investigated: false @@ -8637,8 +8840,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8652,13 +8856,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: Only vulnerable when using non-default config, cloud version fixed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: PolicyCenter (PC) S-Series + - vendor: Atlassian + product: Confluence-CIS CSAT Pro cves: cve-2021-4104: investigated: false @@ -8666,8 +8870,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v1.7.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8681,13 +8886,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Privileged Access Manager + - vendor: Atlassian + product: Confluence-CIS WorkBench cves: cve-2021-4104: investigated: false @@ -8695,10 +8900,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8710,13 +8916,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Privileged Access Manager Server Control + - vendor: Atlassian + product: Confluence-CIS-CAT Lite cves: cve-2021-4104: investigated: false @@ -8724,8 +8930,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8739,13 +8946,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Privileged Identity Manager + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable cves: cve-2021-4104: investigated: false @@ -8753,8 +8960,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v3.0.77 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8768,13 +8976,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: ProxySG + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v4 cves: cve-2021-4104: investigated: false @@ -8782,8 +8990,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8797,13 +9006,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Reporter + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v4 Service cves: cve-2021-4104: investigated: false @@ -8811,8 +9020,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v1.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8826,13 +9036,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Secure Access Cloud (SAC) + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Dashboard cves: cve-2021-4104: investigated: false @@ -8840,10 +9050,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8855,13 +9066,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Security Analytics (SA) + - vendor: Atlassian + product: Confluence-CIS-Hosted CSAT cves: cve-2021-4104: investigated: false @@ -8869,10 +9080,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8884,13 +9096,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: SiteMinder (CA Single Sign-On) + - vendor: Atlassian + product: Crowd Server & Data Center cves: cve-2021-4104: investigated: false @@ -8898,8 +9110,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8913,13 +9126,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: This product may be affected by a related but lower severity vulnerability + if running in a specific non-default configuration. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: SSL Visibility (SSLV) + - vendor: Atlassian + product: Crucible cves: cve-2021-4104: investigated: false @@ -8927,8 +9141,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8942,13 +9157,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: This product may be affected by a related but lower severity vulnerability + if running in a specific non-default configuration. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Control Compliance Suite (CCS) + - vendor: Atlassian + product: Fisheye cves: cve-2021-4104: investigated: false @@ -8956,8 +9172,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8971,13 +9188,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: This product may be affected by a related but lower severity vulnerability + if running in a specific non-default configuration. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Directory + - vendor: Atlassian + product: Jira Server & Data Center cves: cve-2021-4104: investigated: false @@ -8985,8 +9203,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9000,13 +9219,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: This product may be affected by a related but lower severity vulnerability + if running in a specific non-default configuration. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Detection and Response (EDR) + - vendor: Attivo Networks + product: All cves: cve-2021-4104: investigated: false @@ -9029,42 +9249,45 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Encryption (SEE) + - vendor: Atvise + product: All cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 - notes: '' + - https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen + notes: The security vulnerability does NOT affect our applications and products + or pose any threat. This applies to all Bachmann applications and products, + including atvise solutions. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Protection (SEP) + last_updated: '2022-01-17T00:00:00' + - vendor: AudioCodes + product: All cves: cve-2021-4104: investigated: false @@ -9087,13 +9310,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://services.audiocodes.com/app/answers/kbdetail/a_id/2225 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Protection (SEP) for Mobile + - vendor: Autodesk + product: All cves: cve-2021-4104: investigated: false @@ -9116,13 +9339,20 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 - notes: '' + - https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html + notes: Autodesk is continuing to perform a thorough investigation in relation + to the recently discovered Apache Log4j security vulnerabilities. We continue + to implement several mitigating factors for our products including patching, + network firewall blocks, and updated detection signatures to reduce the threat + of this vulnerability and enhance our ability to quickly respond to potential + malicious activity. We have not identified any compromised systems in the Autodesk + environment due to this vulnerability, at this time. This is an ongoing investigation + and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Protection Manager (SEPM) + last_updated: '2021-12-21T00:00:00' + - vendor: Automation Anywhere + product: Automation 360 Cloud cves: cve-2021-4104: investigated: false @@ -9131,9 +9361,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '14.3' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -9146,13 +9376,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 - notes: '' + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Identity Governance and Administration (IGA) + - vendor: Automation Anywhere + product: Automation 360 On Premise cves: cve-2021-4104: investigated: false @@ -9160,9 +9391,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -9175,13 +9407,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 - notes: '' + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Mail Security for Microsoft Exchange (SMSMSE) + - vendor: Automation Anywhere + product: Automation Anywhere cves: cve-2021-4104: investigated: false @@ -9189,9 +9422,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 11.x + - <11.3x unaffected_versions: [] cve-2021-45046: investigated: false @@ -9204,13 +9439,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 - notes: '' + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Messaging Gateway (SMG) + - vendor: Automox + product: All cves: cve-2021-4104: investigated: false @@ -9233,13 +9469,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec PGP Solutions + - vendor: Autopsy + product: All cves: cve-2021-4104: investigated: false @@ -9262,13 +9498,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.autopsy.com/autopsy-and-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Broadcom - product: Symantec Protection Engine (SPE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Auvik + product: All cves: cve-2021-4104: investigated: false @@ -9291,13 +9527,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://status.auvik.com/incidents/58bfngkz69mj notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Broadcom - product: Symantec Protection for SharePoint Servers (SPSS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Avantra SYSLINK + product: All cves: cve-2021-4104: investigated: false @@ -9320,13 +9556,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Broadcom - product: VIP + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Avaya + product: Avaya Analytics cves: cve-2021-4104: investigated: false @@ -9334,8 +9570,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '3.5' + - '3.6' + - 3.6.1 + - '3.7' + - '4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9349,13 +9590,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Broadcom - product: VIP Authentication Hub + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Aura Application Enablement Services cves: cve-2021-4104: investigated: false @@ -9363,8 +9604,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.1.3.2 + - 8.1.3.3 + - '10.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9378,13 +9622,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Broadcom - product: Web Isolation (WI) + - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Aura Contact Center cves: cve-2021-4104: investigated: false @@ -9392,8 +9636,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 7.0.2 + - 7.0.3 + - '7.1' + - 7.1.1 + - 7.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9407,13 +9656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Broadcom - product: Web Security Service (WSS) + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Aura Device Services cves: cve-2021-4104: investigated: false @@ -9421,8 +9670,15 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '8' + - 8.0.1 + - 8.0.2 + - '8.1' + - 8.1.3 + - 8.1.4 + - 8.1.5 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9436,13 +9692,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Broadcom - product: WebPulse + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Aura for OneCloud Private cves: cve-2021-4104: investigated: false @@ -9450,8 +9706,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9465,13 +9722,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 - notes: '' + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + notes: Avaya is scanning and monitoring its OneCloud Private environments as part + of its management activities. Avaya will continue to monitor this fluid situation + and remediations will be made as patches become available, in accordance with + appropriate change processes. references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: C4b XPHONE - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Aura Media Server cves: cve-2021-4104: investigated: false @@ -9479,8 +9739,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.0.0 + - 8.0.1 + - 8.0.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9494,13 +9757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.c4b.com/de/news/log4j.php + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Campbell Scientific - product: All + - '[PSN020549u](https://download.avaya.com/css/secure/documents/101079316)' + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Aura Presence Services cves: cve-2021-4104: investigated: false @@ -9508,8 +9771,18 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '10.1' + - 7.1.2 + - '8' + - 8.0.1 + - 8.0.2 + - '8.1' + - 8.1.1 + - 8.1.2 + - 8.1.3 + - 8.1.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9523,13 +9796,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://s.campbellsci.com/documents/us/miscellaneous/log4j2-vulnerability.pdf + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Camunda - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Aura Session Manager cves: cve-2021-4104: investigated: false @@ -9537,8 +9810,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '10.1' + - 7.1.3 + - '8' + - 8.0.1 + - '8.1' + - 8.1.1 + - 8.1.2 + - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9552,13 +9833,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910 + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Canary Labs - product: All + - '[PSN020550u](https://download.avaya.com/css/public/documents/101079384)' + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Aura System Manager cves: cve-2021-4104: investigated: false @@ -9566,8 +9847,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '10.1' + - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9581,13 +9864,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: Alphenix (Angio Workstation) + - '[PSN005565u](https://download.avaya.com/css/secure/documents/101079390)' + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Aura Web Gateway cves: cve-2021-4104: investigated: false @@ -9595,8 +9878,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.11[P] + - 3.8.1[P] + - 3.8[P] + - 3.9.1[P] + - 3.9[P] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9610,13 +9898,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: CT Medical Imaging Products + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Breeze cves: cve-2021-4104: investigated: false @@ -9624,8 +9912,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '3.7' + - '3.8' + - 3.8.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9639,13 +9930,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: Infinix-i (Angio Workstation) + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Contact Center Select cves: cve-2021-4104: investigated: false @@ -9653,8 +9944,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 7.0.2 + - 7.0.3 + - '7.1' + - 7.1.1 + - 7.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9668,13 +9964,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: MR Medical Imaging Products + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya CRM Connector - Connected Desktop cves: cve-2021-4104: investigated: false @@ -9682,8 +9978,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '2.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9697,13 +9994,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: NM Medical Imaging Products + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Device Enablement Service cves: cve-2021-4104: investigated: false @@ -9711,8 +10008,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.1.22 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9726,13 +10024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: UL Medical Imaging Products + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Meetings cves: cve-2021-4104: investigated: false @@ -9740,8 +10038,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 9.1.10 + - 9.1.11 + - 9.1.12 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9755,13 +10056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: Vitrea Advanced 7.x + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya OneCloud-Private cves: cve-2021-4104: investigated: false @@ -9769,8 +10070,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9784,13 +10086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: XR Medical Imaging Products + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya OneCloud-Private-UCaaS - Mid Market Aura cves: cve-2021-4104: investigated: false @@ -9798,8 +10100,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9813,13 +10116,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: CapStorm - product: Copystorm + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Session Border Controller for Enterprise cves: cve-2021-4104: investigated: false @@ -9827,8 +10130,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.0.1 + - '8.1' + - 8.1.1 + - 8.1.2 + - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9841,13 +10149,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: CarbonBlack - product: '' + - '[PSN020554u](https://download.avaya.com/css/public/documents/101079394)' + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Social Media Hub cves: cve-2021-4104: investigated: false @@ -9855,8 +10164,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9870,13 +10180,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Carestream - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Workforce Engagement cves: cve-2021-4104: investigated: false @@ -9884,8 +10194,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '5.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9899,13 +10210,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Carrier - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Business Rules Engine cves: cve-2021-4104: investigated: false @@ -9913,8 +10224,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '3.4' + - '3.5' + - '3.6' + - '3.7' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9928,13 +10243,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.corporate.carrier.com/product-security/advisories-resources/ + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: CAS genesisWorld - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Callback Assist cves: cve-2021-4104: investigated: false @@ -9942,8 +10257,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '5' + - 5.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9957,13 +10274,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.cas.de/CASHelpdesk/FAQDetails.aspx?gguid=0x79F9E881EE3C46C1A71BE9EB3E480446 + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cato Networks - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Control Manager cves: cve-2021-4104: investigated: false @@ -9971,8 +10288,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 9.0.2 + - 9.0.2.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9986,13 +10305,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.catonetworks.com/blog/cato-networks-rapid-response-to-the-apache-log4j-remote-code-execution-vulnerability/ + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cepheid - product: C360 + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Device Enrollment Service cves: cve-2021-4104: investigated: false @@ -10000,8 +10319,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '3.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10015,13 +10335,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cepheid.com/en_US/legal/product-security-updates + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Cepheid - product: GeneXpert + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Equinox Conferencing cves: cve-2021-4104: investigated: false @@ -10029,8 +10349,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 9.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10044,13 +10365,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cepheid.com/en_US/legal/product-security-updates + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Cerberus FTP - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Interaction Center cves: cve-2021-4104: investigated: false @@ -10058,8 +10379,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 7.3.9 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10073,13 +10395,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Chaser Systems - product: discrimiNAT Firewall + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: IP Office Platform cves: cve-2021-4104: investigated: false @@ -10088,10 +10410,13 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 11.0.4 + - '11.1' + - 11.1.1 + - 11.1.2 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10103,13 +10428,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Check Point - product: CloudGuard + last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Proactive Outreach Manager cves: cve-2021-4104: investigated: false @@ -10118,10 +10443,13 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 3.1.2 + - 3.1.3 + - '4' + - 4.0.1 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10133,13 +10461,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Check Point - product: Harmony Endpoint & Harmony Mobile + last_updated: '2021-12-14T00:00:00' + - vendor: AVEPOINT + product: All cves: cve-2021-4104: investigated: false @@ -10147,11 +10475,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10163,13 +10490,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://www.avepoint.com/company/java-zero-day-vulnerability-notification notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Check Point - product: Infinity Portal + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AVM + product: All cves: cve-2021-4104: investigated: false @@ -10177,10 +10504,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10192,13 +10520,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 - notes: '' + - https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C + notes: devices, firmware, software incl. MyFritz Service. references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Check Point - product: Quantum Security Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AvTech RoomAlert + product: All cves: cve-2021-4104: investigated: false @@ -10206,11 +10534,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10222,13 +10549,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://avtech.com/articles/23124/java-exploit-room-alert-link/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Check Point - product: Quantum Security Management + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AXIS + product: OS cves: cve-2021-4104: investigated: false @@ -10252,14 +10579,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 - notes: Where used, uses the 1.8.0\_u241 version of the JRE that protects against - this attack by default. + - https://help.axis.com/axis-os + notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Check Point - product: SMB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AXON + product: All cves: cve-2021-4104: investigated: false @@ -10267,11 +10593,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10283,13 +10608,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Check Point - product: ThreatCloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AXS Guard + product: All cves: cve-2021-4104: investigated: false @@ -10312,13 +10637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: CheckMK - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Axways Applications + product: All cves: cve-2021-4104: investigated: false @@ -10341,13 +10666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.checkmk.com/t/checkmk-not-affected-by-log4shell/28643/3 + - https://support.axway.com/news/1331/lang/en notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Ciphermail - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: B&R Industrial Automation + product: APROL cves: cve-2021-4104: investigated: false @@ -10355,10 +10680,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10370,13 +10696,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ciphermail.com/blog/ciphermail-gateway-and-webmail-messenger-are-not-vulnerable-to-cve-2021-44228.html + - https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: CircleCI - product: CircleCI + last_updated: '2021-12-16T00:00:00' + - vendor: Backblaze + product: Cloud cves: cve-2021-4104: investigated: false @@ -10384,9 +10710,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -10399,13 +10726,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.circleci.com/t/circleci-log4j-information-cve-2021-4422 - notes: '' + - https://help.backblaze.com/hc/en-us/articles/4412580603419 + notes: Cloud service patched. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: CIS - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BackBox + product: All cves: cve-2021-4104: investigated: false @@ -10428,13 +10755,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cisecurity.atlassian.net/servicedesk/customer/portal/15/article/2434301961 + - https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: AppDynamics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Balbix + product: All cves: cve-2021-4104: investigated: false @@ -10457,13 +10784,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco ACI Multi-Site Orchestrator + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Baramundi Products + product: All cves: cve-2021-4104: investigated: false @@ -10486,13 +10813,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco ACI Virtual Edge + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: Demetra cves: cve-2021-4104: investigated: false @@ -10500,10 +10827,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10515,13 +10843,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Adaptive Security Appliance (ASA) Software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: Demetra cves: cve-2021-4104: investigated: false @@ -10529,10 +10857,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10544,13 +10873,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Advanced Web Security Reporting Application + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: Green Barco Wall Control Manager (gBCM) cves: cve-2021-4104: investigated: false @@ -10558,10 +10887,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10573,13 +10903,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco AMP Virtual Private Cloud Appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: MediCal QAWeb cves: cve-2021-4104: investigated: false @@ -10587,10 +10917,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10602,13 +10933,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco AnyConnect Secure Mobility Client + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: NexxisOR cves: cve-2021-4104: investigated: false @@ -10616,10 +10947,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10631,13 +10963,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Application Policy Infrastructure Controller (APIC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: OpSpace cves: cve-2021-4104: investigated: false @@ -10645,9 +10977,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.8 - 1.9.4.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -10660,13 +10993,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco ASR 5000 Series Routers + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: Transform N (TFN) cves: cve-2021-4104: investigated: false @@ -10674,10 +11007,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10689,13 +11023,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Broadcloud Calling + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barracuda + product: All cves: cve-2021-4104: investigated: false @@ -10718,13 +11052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.barracuda.com/company/legal/trust-center notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco BroadWorks + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Basis Technology + product: Autopsy cves: cve-2021-4104: investigated: false @@ -10732,9 +11066,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.18.0 onwards unaffected_versions: [] cve-2021-45046: investigated: false @@ -10747,13 +11082,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' + - https://www.autopsy.com/autopsy-and-log4j-vulnerability/ + notes: version 4.18.0 onwards use Apache Solr 8. references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Catalyst 9800 Series Wireless Controllers + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Baxter + product: All cves: cve-2021-4104: investigated: false @@ -10776,13 +11111,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco CloudCenter Suite Admin + last_updated: '2021-12-20T00:00:00' + - vendor: BBraun + product: APEX® Compounder cves: cve-2021-4104: investigated: false @@ -10790,10 +11125,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -10805,13 +11141,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco CloudCenter Workload Manager + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software cves: cve-2021-4104: investigated: false @@ -10819,9 +11155,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -10834,13 +11171,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Cognitive Intelligence + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Outlook® Safety Infusion System Pump family cves: cve-2021-4104: investigated: false @@ -10848,10 +11185,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -10863,13 +11201,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Common Services Platform Collector + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Pinnacle® Compounder cves: cve-2021-4104: investigated: false @@ -10877,10 +11215,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -10892,13 +11231,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Computer Telephony Integration Object Server (CTIOS) + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Pump, SpaceStation, and Space® Wireless Battery) cves: cve-2021-4104: investigated: false @@ -10906,10 +11245,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -10921,13 +11261,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Connected Grid Device Manager + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® + Space® Infusion cves: cve-2021-4104: investigated: false @@ -10935,10 +11276,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -10950,13 +11292,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Connected Mobile Experiences + last_updated: '2022-01-31T00:00:00' + - vendor: BD + product: Arctic Sun™ Analytics cves: cve-2021-4104: investigated: false @@ -10979,13 +11321,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Connectivity + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Diabetes Care App Cloud cves: cve-2021-4104: investigated: false @@ -11008,13 +11350,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Contact Center Domain Manager (CCDM) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Clinical Advisor cves: cve-2021-4104: investigated: false @@ -11037,13 +11379,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Contact Center Management Portal (CCMP) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Data Manager cves: cve-2021-4104: investigated: false @@ -11066,13 +11408,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Crosswork Change Automation + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Diversion Management cves: cve-2021-4104: investigated: false @@ -11095,13 +11437,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco CX Cloud Agent Software + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Infection Advisor cves: cve-2021-4104: investigated: false @@ -11124,13 +11466,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Data Center Network Manager (DCNM) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Inventory Optimization Analytics cves: cve-2021-4104: investigated: false @@ -11153,13 +11495,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Defense Orchestrator + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Medication Safety cves: cve-2021-4104: investigated: false @@ -11182,13 +11524,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco DNA Assurance + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Knowledge Portal for BD Pyxis™ Supply cves: cve-2021-4104: investigated: false @@ -11211,13 +11553,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco DNA Center + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Knowledge Portal for Infusion Technologies cves: cve-2021-4104: investigated: false @@ -11240,13 +11582,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco DNA Spaces + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Knowledge Portal for Medication Technologies cves: cve-2021-4104: investigated: false @@ -11269,13 +11611,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Elastic Services Controller (ESC) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Synapsys™ Informatics Solution cves: cve-2021-4104: investigated: false @@ -11298,13 +11640,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Emergency Responder + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Veritor™ COVID At Home Solution Cloud cves: cve-2021-4104: investigated: false @@ -11327,13 +11669,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Enterprise Chat and Email + last_updated: '2021-12-20T00:00:00' + - vendor: Beckman Coulter + product: Access 2 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -11341,10 +11683,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11356,13 +11699,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Enterprise NFV Infrastructure Software (NFVIS) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T 5diff (Hematology) cves: cve-2021-4104: investigated: false @@ -11370,10 +11713,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11385,13 +11729,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Evolved Programmable Network Manager + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T Family (Hematology) cves: cve-2021-4104: investigated: false @@ -11399,10 +11743,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11414,13 +11759,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Extensible Network Controller (XNC) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU2700 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -11428,10 +11773,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11443,13 +11789,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Finesse + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU480 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -11457,10 +11803,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11472,13 +11819,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Firepower Management Center + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5400 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -11486,10 +11833,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11501,13 +11849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Firepower Threat Defense (FTD) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -11515,10 +11863,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11530,13 +11879,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco GGSN Gateway GPRS Support Node + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU640 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -11544,10 +11893,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11559,13 +11909,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco HyperFlex System + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU680 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -11573,10 +11923,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11588,13 +11939,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Identity Services Engine (ISE) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -11602,10 +11953,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11617,13 +11969,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Integrated Management Controller (IMC) Supervisor + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1250 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -11631,10 +11983,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11646,13 +11999,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Intersight + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2500 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -11660,10 +12013,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11675,13 +12029,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Intersight Virtual Appliance + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2550 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -11689,10 +12043,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11704,13 +12059,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco IOS and IOS XE Software + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -11718,10 +12073,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11733,14 +12089,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco IoT Field Network Director (formerly Cisco Connected Grid Network - Management System) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 Fit (Lab Automation) cves: cve-2021-4104: investigated: false @@ -11748,10 +12103,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11763,13 +12119,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco IoT Operations Dashboard + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500 (Hematology) cves: cve-2021-4104: investigated: false @@ -11777,10 +12133,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11792,13 +12149,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco IOx Fog Director + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 520 (Hematology) cves: cve-2021-4104: investigated: false @@ -11806,10 +12163,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11821,13 +12179,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco IP Services Gateway (IPSG) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 560 (Hematology) cves: cve-2021-4104: investigated: false @@ -11835,10 +12193,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11850,13 +12209,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Kinetic for Cities + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600 (Hematology) cves: cve-2021-4104: investigated: false @@ -11864,10 +12223,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11879,13 +12239,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco MDS 9000 Series Multilayer Switches + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 690T (Hematology) cves: cve-2021-4104: investigated: false @@ -11893,10 +12253,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11908,13 +12269,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Meeting Server + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 800 (Hematology) cves: cve-2021-4104: investigated: false @@ -11922,10 +12283,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11937,13 +12299,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco MME Mobility Management Entity + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900 (Hematology) cves: cve-2021-4104: investigated: false @@ -11951,10 +12313,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11966,13 +12329,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Modeling Labs + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS (Hematology) cves: cve-2021-4104: investigated: false @@ -11980,10 +12343,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11995,13 +12359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Network Assessment (CNA) Tool + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS II (Hematology) cves: cve-2021-4104: investigated: false @@ -12009,10 +12373,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12024,13 +12389,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Network Assurance Engine + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM Autoplak (Microbiology) cves: cve-2021-4104: investigated: false @@ -12038,10 +12403,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12053,13 +12419,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Network Convergence System 2000 Series + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040 (Microbiology) cves: cve-2021-4104: investigated: false @@ -12067,10 +12433,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12082,13 +12449,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Network Planner + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1096 (Microbiology) cves: cve-2021-4104: investigated: false @@ -12096,10 +12463,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12111,13 +12479,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Network Services Orchestrator (NSO) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) cves: cve-2021-4104: investigated: false @@ -12125,9 +12493,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -12140,13 +12509,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Nexus 5500 Platform Switches + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) cves: cve-2021-4104: investigated: false @@ -12154,9 +12523,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -12169,13 +12539,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied. references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Nexus 5600 Platform Switches + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Inventory Manager (Information Systems) cves: cve-2021-4104: investigated: false @@ -12183,10 +12553,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12198,13 +12569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Nexus 6000 Series Switches + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Workflow Manager (Information Systems) cves: cve-2021-4104: investigated: false @@ -12212,10 +12583,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12227,13 +12599,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Nexus 7000 Series Switches + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxU Workcell (Urinalysis) cves: cve-2021-4104: investigated: false @@ -12241,10 +12613,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12256,14 +12629,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure - (ACI) mode + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUc (Urinalysis) cves: cve-2021-4104: investigated: false @@ -12271,10 +12643,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12286,13 +12659,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Nexus Dashboard (formerly Cisco Application Services Engine) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm (Urinalysis) cves: cve-2021-4104: investigated: false @@ -12300,10 +12673,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12315,13 +12689,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Nexus Data Broker + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) cves: cve-2021-4104: investigated: false @@ -12329,10 +12703,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12344,13 +12719,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Nexus Insights + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX (Hematology) cves: cve-2021-4104: investigated: false @@ -12358,10 +12733,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12373,13 +12749,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Optical Network Planner + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX AL (Hematology) cves: cve-2021-4104: investigated: false @@ -12387,10 +12763,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12402,13 +12779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Packaged Contact Center Enterprise + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iChemVELOCITY (Urinalysis) cves: cve-2021-4104: investigated: false @@ -12416,10 +12793,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12431,13 +12809,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Paging Server + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) cves: cve-2021-4104: investigated: false @@ -12445,10 +12823,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12460,13 +12839,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Paging Server (InformaCast) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Intelligent Sample Banking ISB (Lab Automation) cves: cve-2021-4104: investigated: false @@ -12474,10 +12853,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12489,13 +12869,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco PDSN/HA Packet Data Serving Node and Home Agent + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw (Lab Automation) cves: cve-2021-4104: investigated: false @@ -12503,10 +12883,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12518,13 +12899,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco PGW Packet Data Network Gateway + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ Workcell (Urinalysis) cves: cve-2021-4104: investigated: false @@ -12532,10 +12913,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12547,13 +12929,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Policy Suite + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ200 (Urinalysis) cves: cve-2021-4104: investigated: false @@ -12561,10 +12943,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12576,13 +12959,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Prime Central for Service Providers + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL (Urinalysis) cves: cve-2021-4104: investigated: false @@ -12590,10 +12973,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12605,13 +12989,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Prime Collaboration Manager + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter + (Microbiology) cves: cve-2021-4104: investigated: false @@ -12619,8 +13004,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -12634,13 +13020,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Prime Collaboration Provisioning + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500 (Hematology) cves: cve-2021-4104: investigated: false @@ -12648,10 +13034,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12663,13 +13050,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Prime Infrastructure + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidemaker (Hematology) cves: cve-2021-4104: investigated: false @@ -12677,10 +13064,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12692,13 +13080,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Prime License Manager + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidestraine (Hematology) cves: cve-2021-4104: investigated: false @@ -12706,10 +13094,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12721,13 +13110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Prime Network + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH750 (Hematology) cves: cve-2021-4104: investigated: false @@ -12735,10 +13124,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12750,13 +13140,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Prime Optical for Service Providers + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH780 (Hematology) cves: cve-2021-4104: investigated: false @@ -12764,10 +13154,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12779,13 +13170,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Prime Provisioning + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH785 (Hematology) cves: cve-2021-4104: investigated: false @@ -12793,10 +13184,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12808,13 +13200,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Prime Service Catalog + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: MicroScan autoSCAN-4 (Microbiology) cves: cve-2021-4104: investigated: false @@ -12822,10 +13214,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12837,13 +13230,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Registered Envelope Service + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7300 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -12851,10 +13244,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12866,13 +13260,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco SD-WAN vEdge 1000 Series Routers + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7400 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -12880,10 +13274,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12895,13 +13290,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco SD-WAN vEdge 2000 Series Routers + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Express (Lab Automation) cves: cve-2021-4104: investigated: false @@ -12909,10 +13304,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12924,13 +13320,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco SD-WAN vEdge 5000 Series Routers + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Link (Lab Automation) cves: cve-2021-4104: investigated: false @@ -12938,10 +13334,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12953,13 +13350,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco SD-WAN vEdge Cloud Router Platform + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Processor (Lab Automation) cves: cve-2021-4104: investigated: false @@ -12967,10 +13364,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12982,13 +13380,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco SD-WAN vManage + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PROService (Information Systems) cves: cve-2021-4104: investigated: false @@ -12996,10 +13394,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13011,13 +13410,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Secure Network Analytics (SNA), formerly Stealthwatch + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: RAP Box (Information Systems) cves: cve-2021-4104: investigated: false @@ -13025,10 +13424,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13040,13 +13440,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco SocialMiner + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: REMISOL ADVANCE (Information Systems) cves: cve-2021-4104: investigated: false @@ -13054,10 +13454,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13069,13 +13470,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco System Architecture Evolution Gateway (SAEGW) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Sorting Drive (Lab Automation) cves: cve-2021-4104: investigated: false @@ -13083,10 +13484,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13098,13 +13500,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco TelePresence Management Suite + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 600 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -13112,10 +13514,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13127,13 +13530,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco UCS Director + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -13141,10 +13544,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13156,13 +13560,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco UCS Performance Manager + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 600 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -13170,10 +13574,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13185,13 +13590,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Umbrella + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 800 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -13199,10 +13604,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13214,13 +13620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Unified Attendant Console Advanced + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 plus (Microbiology) cves: cve-2021-4104: investigated: false @@ -13228,10 +13634,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13243,13 +13650,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Unified Attendant Console Business Edition + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI (Microbiology) cves: cve-2021-4104: investigated: false @@ -13257,10 +13664,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13272,13 +13680,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Unified Attendant Console Department Edition + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 plus (Microbiology) cves: cve-2021-4104: investigated: false @@ -13286,10 +13694,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13301,13 +13710,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Unified Attendant Console Enterprise Edition + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 SI (Microbiology) cves: cve-2021-4104: investigated: false @@ -13315,10 +13724,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13330,13 +13740,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Unified Attendant Console Premium Edition + last_updated: '2022-01-31T00:00:00' + - vendor: Beijer Electronics + product: acirro+ cves: cve-2021-4104: investigated: false @@ -13359,13 +13769,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Unified Communications Manager Cloud + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: BFI frequency inverters cves: cve-2021-4104: investigated: false @@ -13388,13 +13798,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Unified Contact Center Enterprise + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: BSD servo drives cves: cve-2021-4104: investigated: false @@ -13417,13 +13827,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Unified Contact Center Enterprise - Live Data server + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: CloudVPN cves: cve-2021-4104: investigated: false @@ -13446,13 +13856,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Unified Contact Center Express + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: FnIO-G and M Distributed IO cves: cve-2021-4104: investigated: false @@ -13475,13 +13885,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Unified Intelligent Contact Management Enterprise + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: iX Developer cves: cve-2021-4104: investigated: false @@ -13504,13 +13914,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Unified SIP Proxy Software + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: Nexto modular PLC cves: cve-2021-4104: investigated: false @@ -13533,13 +13943,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Video Surveillance Operations Manager + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: Nexto Xpress compact controller cves: cve-2021-4104: investigated: false @@ -13562,13 +13972,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: WARP Engineering Studio cves: cve-2021-4104: investigated: false @@ -13591,13 +14001,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Virtualized Voice Browser + last_updated: '2021-12-22T00:00:00' + - vendor: Bender + product: '' cves: cve-2021-4104: investigated: false @@ -13620,13 +14030,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.bender.de/en/cert notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Vision Dynamic Signage Director + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response + (RTIR) + product: '' cves: cve-2021-4104: investigated: false @@ -13649,13 +14060,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco WAN Automation Engine (WAE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BeyondTrust + product: Privilege Management Cloud cves: cve-2021-4104: investigated: false @@ -13663,10 +14074,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Unknown + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust + product: Privilege Management Reporting in BeyondInsight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '21.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13678,13 +14120,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Web Security Appliance (WSA) + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust + product: Secure Remote Access appliances + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Unknown + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust Bomgar + product: '' cves: cve-2021-4104: investigated: false @@ -13707,13 +14179,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Webex Cloud-Connected UC (CCUC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BioMerieux + product: '' cves: cve-2021-4104: investigated: false @@ -13736,13 +14208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.biomerieux.com/en/cybersecurity-data-privacy notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Webex Meetings Server + last_updated: '2021-12-22T00:00:00' + - vendor: BisectHosting + product: '' cves: cve-2021-4104: investigated: false @@ -13765,13 +14237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Webex Teams + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BitDefender + product: '' cves: cve-2021-4104: investigated: false @@ -13794,13 +14266,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Wide Area Application Services (WAAS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BitNami By VMware + product: '' cves: cve-2021-4104: investigated: false @@ -13823,13 +14295,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://docs.bitnami.com/general/security/security-2021-12-10/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Duo + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BitRise + product: '' cves: cve-2021-4104: investigated: false @@ -13852,13 +14324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: DUO network gateway (on-prem/self-hosted) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Bitwarden + product: '' cves: cve-2021-4104: investigated: false @@ -13880,13 +14352,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: duo network gateway (on-prem/self-hosted) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Biztory + product: Fivetran cves: cve-2021-4104: investigated: false @@ -13908,13 +14381,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.biztory.com/blog/apache-log4j2-vulnerability notes: '' references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Exony Virtualized Interaction Manager (VIM) + - Vendor review indicated Fivetran is not vulnerable to Log4j2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Black Kite + product: '' cves: cve-2021-4104: investigated: false @@ -13937,13 +14411,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Managed Services Accelerator (MSX) Network Access Control Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Blancco + product: '' cves: cve-2021-4104: investigated: false @@ -13966,13 +14440,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Citrix - product: Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Blumira + product: '' cves: cve-2021-4104: investigated: false @@ -13980,11 +14454,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13996,17 +14469,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://www.blumira.com/cve-2021-44228-log4shell/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Application Delivery Management (NetScaler MAS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Bladelogic Database Automation cves: cve-2021-4104: investigated: false @@ -14014,11 +14483,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14030,17 +14498,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Cloud Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops cves: cve-2021-4104: investigated: false @@ -14063,17 +14527,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Connector Appliance for Cloud Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Products cves: cve-2021-4104: investigated: false @@ -14096,18 +14556,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for - Windows, Citrix Files for Mac, Citrix Files for Outlook + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware cves: cve-2021-4104: investigated: false @@ -14130,17 +14585,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Endpoint Management (Citrix XenMobile Server) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Automation Console cves: cve-2021-4104: investigated: false @@ -14163,21 +14614,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised - to apply the latest CEM rolling patch updates listed below as soon as possible - to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); - [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); - and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). - Note: Customers who have upgraded their XenMobile Server to the updated versions - are recommended not to apply the responder policy mentioned in the blog listed - below to the Citrix ADC vserver in front of the XenMobile Server as it may impact - the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Hypervisor (XenServer) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Business Workflows cves: cve-2021-4104: investigated: false @@ -14200,17 +14643,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix License Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Client Management cves: cve-2021-4104: investigated: false @@ -14233,17 +14672,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix SD-WAN + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Cloud Cost cves: cve-2021-4104: investigated: false @@ -14251,11 +14686,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14267,17 +14701,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Cloud Security cves: cve-2021-4104: investigated: false @@ -14300,20 +14730,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Workspace App + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix CMDB cves: cve-2021-4104: investigated: false @@ -14321,11 +14744,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14337,17 +14759,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: ShareFile Storage Zones Controller + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Continuous Optimization cves: cve-2021-4104: investigated: false @@ -14370,17 +14788,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Claris - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Control-M cves: cve-2021-4104: investigated: false @@ -14403,13 +14817,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: AM2CM Tool + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Digital Workplace cves: cve-2021-4104: investigated: false @@ -14432,13 +14846,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Ambari + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Discovery cves: cve-2021-4104: investigated: false @@ -14446,42 +14860,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 2.x - - 1.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Arcadia Enterprise - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - Only version 7.1.x - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14493,13 +14875,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: CDH, HDP, and HDF + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix ITSM cves: cve-2021-4104: investigated: false @@ -14507,9 +14889,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only version 6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14523,13 +14904,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: CDP Operational Database (COD) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Knowledge Management cves: cve-2021-4104: investigated: false @@ -14552,13 +14933,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: CDP Private Cloud Base + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Operations Management with AIOps cves: cve-2021-4104: investigated: false @@ -14566,41 +14947,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only version 7.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: CDS 3 Powered by Apache Spark - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All versions - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14612,13 +14962,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: CDS 3.2 for GPUs + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Platform cves: cve-2021-4104: investigated: false @@ -14626,9 +14976,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14642,13 +14991,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Cybersecurity Platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix platform cves: cve-2021-4104: investigated: false @@ -14656,9 +15005,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14672,13 +15020,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Data Engineering (CDE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Remediate cves: cve-2021-4104: investigated: false @@ -14701,13 +15049,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Data Engineering (CDE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Remediate cves: cve-2021-4104: investigated: false @@ -14715,9 +15063,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14731,13 +15078,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Data Flow (CFM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Remedyforce cves: cve-2021-4104: investigated: false @@ -14760,13 +15107,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Data Science Workbench (CDSW) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Virtual Agent cves: cve-2021-4104: investigated: false @@ -14774,10 +15121,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 2.x - - 3.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14791,13 +15136,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Data Visualization (CDV) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Cloud Lifecycle Management cves: cve-2021-4104: investigated: false @@ -14820,13 +15165,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Data Warehouse (CDW) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Control-M cves: cve-2021-4104: investigated: false @@ -14849,13 +15194,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Data Warehouse (CDW) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Footprints cves: cve-2021-4104: investigated: false @@ -14863,9 +15208,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14879,13 +15223,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera DataFlow (CDF) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: MainView Middleware Administrator cves: cve-2021-4104: investigated: false @@ -14908,13 +15252,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Edge Management (CEM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: MainView Middleware Monitor cves: cve-2021-4104: investigated: false @@ -14922,9 +15266,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14938,13 +15281,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Enterprise + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Remedy ITSM (IT Service Management) cves: cve-2021-4104: investigated: false @@ -14952,9 +15295,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only version 6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14968,13 +15310,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Flow Management (CFM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: SmartIT cves: cve-2021-4104: investigated: false @@ -14982,9 +15324,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14998,13 +15339,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Machine Learning (CML) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Track-It! cves: cve-2021-4104: investigated: false @@ -15027,13 +15368,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Machine Learning (CML) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: TrueSight Automation for Networks cves: cve-2021-4104: investigated: false @@ -15041,9 +15382,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15057,14 +15397,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication - Manager) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: TrueSight Automation for Servers cves: cve-2021-4104: investigated: false @@ -15072,9 +15411,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15088,14 +15426,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication - Manager) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: TrueSight Capacity Optimization cves: cve-2021-4104: investigated: false @@ -15103,11 +15440,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 7.0.x - - 7.1.x - - 7.2.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15121,13 +15455,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Manager (Including Backup Disaster Recovery (BDR)) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: TrueSight Infrastructure Management cves: cve-2021-4104: investigated: false @@ -15150,13 +15484,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: TrueSight Operations Management cves: cve-2021-4104: investigated: false @@ -15164,11 +15498,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 7.0.x - - 7.1.x - - 7.2.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15182,13 +15513,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Stream Processing (CSP) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: TrueSight Orchestration cves: cve-2021-4104: investigated: false @@ -15196,9 +15527,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15212,13 +15542,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Streaming Analytics (CSA) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Bosch + product: '' cves: cve-2021-4104: investigated: false @@ -15241,13 +15571,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Cloudera Streaming Analytics (CSA) + last_updated: '2021-12-22T00:00:00' + - vendor: Boston Scientific + product: '' cves: cve-2021-4104: investigated: false @@ -15270,13 +15600,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Data Analytics Studio (DAS) + last_updated: '2021-12-20T00:00:00' + - vendor: Box + product: '' cves: cve-2021-4104: investigated: false @@ -15299,13 +15629,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://blog.box.com/boxs-statement-recent-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Data Catalog + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Brainworks + product: '' cves: cve-2021-4104: investigated: false @@ -15328,13 +15658,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://www.brainworks.de/log4j-exploit-kerio-connect-workaround/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Data Lifecycle Manager (DLM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BrightSign + product: '' cves: cve-2021-4104: investigated: false @@ -15357,13 +15687,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://brightsign.atlassian.net/wiki/spaces/DOC/pages/370679198/Security+Statement+Log4J+Meltdown+and+Spectre+Vulnerabilities#SecurityStatement%3ALog4J%2CMeltdownandSpectreVulnerabilities-JavaApacheLog4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Data Steward Studio (DSS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Advanced Secure Gateway (ASG) cves: cve-2021-4104: investigated: false @@ -15371,9 +15701,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15387,13 +15716,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Hortonworks Data Flow (HDF) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Automic Automation cves: cve-2021-4104: investigated: false @@ -15416,13 +15745,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://knowledge.broadcom.com/external/article?articleId=230308 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Hortonworks Data Platform (HDP) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: BCAAA cves: cve-2021-4104: investigated: false @@ -15430,11 +15759,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 7.1.x - - 2.7.x - - 2.6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15448,13 +15774,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Hortonworks DataPlane Platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: CA Advanced Authentication cves: cve-2021-4104: investigated: false @@ -15462,8 +15788,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '9.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15476,14 +15803,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Management Console + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: CA Risk Authentication cves: cve-2021-4104: investigated: false @@ -15491,9 +15817,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15506,14 +15831,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Management Console for CDP Public Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: CA Strong Authentication cves: cve-2021-4104: investigated: false @@ -15535,14 +15859,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Replication Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Cloud Workload Protection (CWP) cves: cve-2021-4104: investigated: false @@ -15565,13 +15888,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: SmartSense + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Cloud Workload Protection for Storage (CWP:S) cves: cve-2021-4104: investigated: false @@ -15594,13 +15917,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Workload Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: CloudSOC Cloud Access Security Broker (CASB) cves: cve-2021-4104: investigated: false @@ -15623,13 +15946,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Workload XM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Content Analysis (CA) cves: cve-2021-4104: investigated: false @@ -15637,9 +15960,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15653,13 +15975,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudera - product: Workload XM (SaaS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Critical System Protection (CSP) cves: cve-2021-4104: investigated: false @@ -15682,13 +16004,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: CloudFlare - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Data Center Security (DCS) cves: cve-2021-4104: investigated: false @@ -15711,13 +16033,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudian HyperStore - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Data Loss Prevention (DLP) cves: cve-2021-4104: investigated: false @@ -15740,13 +16062,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloudian-support.force.com/s/article/SECURITY-Cloudian-HyperStore-Log4j-vulnerability-CVE-2021-44228 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudogu - product: Ecosystem + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Email Security Service (ESS) cves: cve-2021-4104: investigated: false @@ -15754,9 +16076,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15770,13 +16091,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.cloudogu.com/t/security-vulnerability-log4shell-cve-2021-44228/417 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudogu - product: SCM-Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Ghost Solution Suite (GSS) cves: cve-2021-4104: investigated: false @@ -15799,13 +16120,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cloudron - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: HSM Agent cves: cve-2021-4104: investigated: false @@ -15828,13 +16149,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.cloudron.io/topic/6153/log4j-and-log4j2-library-vulnerability?lang=en-US + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Clover - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Industrial Control System Protection (ICSP) cves: cve-2021-4104: investigated: false @@ -15857,13 +16178,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.clover.com/articles/35868/apache-log4j-vulnerability-cve-2021-44228.html + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Code42 - product: Code42 App + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Integrated Cyber Defense Manager (ICDm) cves: cve-2021-4104: investigated: false @@ -15871,10 +16192,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 8.8.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -15887,13 +16207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Code42 - product: Crashplan + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Integrated Secure Gateway (ISG) cves: cve-2021-4104: investigated: false @@ -15901,11 +16221,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '8.8' - - possibly prior versions + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -15918,14 +16236,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates - notes: I think, they don't specify in the notice, but we know that they released - an updated Crashplan client. Possibly prior versions affected. + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: CodeBeamer - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: IT Management Suite cves: cve-2021-4104: investigated: false @@ -15948,13 +16265,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://codebeamer.com/cb/wiki/19872365 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Codesys - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Layer7 API Developer Portal cves: cve-2021-4104: investigated: false @@ -15977,13 +16294,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.codesys.com/news-events/news/article/log4j-not-used-in-codesys.html + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cohesity - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Layer7 API Gateway cves: cve-2021-4104: investigated: false @@ -16006,13 +16323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: CommVault - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Layer7 Mobile API Gateway cves: cve-2021-4104: investigated: false @@ -16035,13 +16352,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Concourse - product: Concourse + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Management Center (MC) cves: cve-2021-4104: investigated: false @@ -16064,13 +16381,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/concourse/concourse/discussions/7887 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: ConcreteCMS.com - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: PacketShaper (PS) S-Series cves: cve-2021-4104: investigated: false @@ -16093,13 +16410,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Confluent - product: Confluent Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: PolicyCenter (PC) S-Series cves: cve-2021-4104: investigated: false @@ -16107,10 +16424,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -16123,13 +16439,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent ElasticSearch Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Privileged Access Manager cves: cve-2021-4104: investigated: false @@ -16137,9 +16453,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <11.1.7 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16153,13 +16468,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent for Kubernetes + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Privileged Access Manager Server Control cves: cve-2021-4104: investigated: false @@ -16167,11 +16482,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16183,13 +16497,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent Google DataProc Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Privileged Identity Manager cves: cve-2021-4104: investigated: false @@ -16197,9 +16511,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <1.1.5 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16213,13 +16526,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent HDFS 2 Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: ProxySG cves: cve-2021-4104: investigated: false @@ -16227,9 +16540,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <10.1.3 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16243,13 +16555,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent HDFS 3 Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Reporter cves: cve-2021-4104: investigated: false @@ -16257,9 +16569,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <1.1.8 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16273,13 +16584,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent Kafka Connectors + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Secure Access Cloud (SAC) cves: cve-2021-4104: investigated: false @@ -16287,11 +16598,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16303,13 +16613,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent Platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Security Analytics (SA) cves: cve-2021-4104: investigated: false @@ -16317,9 +16627,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <7.0.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16333,13 +16642,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent Splunk Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: SiteMinder (CA Single Sign-On) cves: cve-2021-4104: investigated: false @@ -16347,9 +16656,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <2.05 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16363,13 +16671,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent VMWare Tanzu GemFire Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: SSL Visibility (SSLV) cves: cve-2021-4104: investigated: false @@ -16377,9 +16685,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <1.0.8 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16393,13 +16700,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Connect2id - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Symantec Control Compliance Suite (CCS) cves: cve-2021-4104: investigated: false @@ -16422,13 +16729,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://connect2id.com/blog/connect2id-server-12-5-1 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: ConnectWise - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Symantec Directory cves: cve-2021-4104: investigated: false @@ -16451,13 +16758,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.connectwise.com/company/trust/advisories + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: ContrastSecurity - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Symantec Endpoint Detection and Response (EDR) cves: cve-2021-4104: investigated: false @@ -16480,13 +16787,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.contrastsecurity.com/hc/en-us/articles/4412612486548 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: ControlUp - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Symantec Endpoint Encryption (SEE) cves: cve-2021-4104: investigated: false @@ -16509,13 +16816,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.controlup.com/incidents/qqyvh7b1dz8k + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: COPADATA - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Symantec Endpoint Protection (SEP) cves: cve-2021-4104: investigated: false @@ -16538,13 +16845,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.copadata.com/fileadmin/user_upload/faq/files/InformationReport_CVE_2021_44228.pdf + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: CouchBase - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Symantec Endpoint Protection (SEP) for Mobile cves: cve-2021-4104: investigated: false @@ -16567,13 +16874,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: CPanel - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Symantec Endpoint Protection Manager (SEPM) cves: cve-2021-4104: investigated: false @@ -16581,8 +16888,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '14.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16596,13 +16904,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cradlepoint - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Symantec Identity Governance and Administration (IGA) cves: cve-2021-4104: investigated: false @@ -16625,13 +16933,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cradlepoint.com/vulnerability-alerts/cve-2021-44228-apache-log4j-security-vulnerabilities/ + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Crestron - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Symantec Mail Security for Microsoft Exchange (SMSMSE) cves: cve-2021-4104: investigated: false @@ -16654,13 +16962,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.crestron.com/Security/Security_Advisories/Apache-Log4j + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: CrushFTP - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Symantec Messaging Gateway (SMG) cves: cve-2021-4104: investigated: false @@ -16683,13 +16991,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.crushftp.com/download.html + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: CryptShare - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Symantec PGP Solutions cves: cve-2021-4104: investigated: false @@ -16712,13 +17020,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cryptshare.com/en/support/cryptshare-support/#c67572 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: CyberArk - product: Privileged Threat Analytics (PTA) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Symantec Protection Engine (SPE) cves: cve-2021-4104: investigated: false @@ -16726,10 +17034,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -16742,14 +17049,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - - This advisory is available to customers only and has not been reviewed by - CISA. - last_updated: '2021-12-14T00:00:00' - - vendor: Cybereason - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Symantec Protection for SharePoint Servers (SPSS) cves: cve-2021-4104: investigated: false @@ -16772,13 +17078,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: CyberRes - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: VIP cves: cve-2021-4104: investigated: false @@ -16801,13 +17107,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Daktronics - product: All Sport Pro + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: VIP Authentication Hub cves: cve-2021-4104: investigated: false @@ -16830,13 +17136,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dakronics Media Player + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Web Isolation (WI) cves: cve-2021-4104: investigated: false @@ -16844,11 +17150,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - DMP (any series) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16860,13 +17165,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dakronics Web Player + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Web Security Service (WSS) cves: cve-2021-4104: investigated: false @@ -16875,8 +17180,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - DWP-1000 + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16890,14 +17194,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DWP-1000: Not present in our codebase, but awaiting confirmation from - LG re: webOS platform.' + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Data Vision Software (DVS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: WebPulse cves: cve-2021-4104: investigated: false @@ -16920,14 +17223,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 - notes: DVS has one microservice that uses Log4j, but it uses a version that is - not impacted. + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dynamic Messaging System (DMS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: C4b XPHONE + product: '' cves: cve-2021-4104: investigated: false @@ -16950,13 +17252,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://www.c4b.com/de/news/log4j.php notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dynamic Messaging System - DMS Core Player + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Campbell Scientific + product: All cves: cve-2021-4104: investigated: false @@ -16964,11 +17266,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - P10 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16980,13 +17281,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://s.campbellsci.com/documents/us/miscellaneous/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dynamic Messaging System - DMS Player hardware + last_updated: '2021-12-23T00:00:00' + - vendor: Camunda + product: '' cves: cve-2021-4104: investigated: false @@ -16994,17 +17295,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - AMP-R200 - - AMP-R400 - - AMP-R800 - - AMP-SM100 - - AMP-SE100 - - AMP-SM200 - - AMP-SM400 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17016,13 +17310,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dynamic Messaging System - DMS Web Player + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Canary Labs + product: All cves: cve-2021-4104: investigated: false @@ -17045,14 +17339,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DMS Web Player: Not present in our codebase, but awaiting confirmation - from LG re: webOS platform.' + - https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability + notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: IBoot - Dataprobe IBoot Devices + last_updated: '2021-12-22T00:00:00' + - vendor: Canon + product: Canon DR Products CXDI_NE) cves: cve-2021-4104: investigated: false @@ -17064,11 +17357,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - A-3257 - - '3256' - - '2270' - - '2269' - - '1978' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -17080,13 +17369,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 - notes: '' + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: Such as Omnera, FlexPro, Soltus references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Outdoor Smartlink Devices + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: CT Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -17098,13 +17387,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - A-3189335 - - '3128' - - '3416' - - '3418' - - '3707' - - '3708' - - '3709' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -17116,13 +17399,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Routers - Cisco Meraki Z3/Z3c Routers + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: Eye-Care Products cves: cve-2021-4104: investigated: false @@ -17134,7 +17417,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - A-4036028 + - All cve-2021-45046: investigated: false affected_versions: [] @@ -17146,13 +17429,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Routers - Cisco Z1 Routers + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: MR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -17164,7 +17447,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - A-3665 + - All cve-2021-45046: investigated: false affected_versions: [] @@ -17176,13 +17459,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Routers - Sierra Wireless RV50x/RV50 + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: NM Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -17190,11 +17473,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - A-3350704 + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -17206,13 +17489,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Show Control System (SCS) + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: UL Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -17220,10 +17503,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -17235,13 +17519,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Vanguard + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: Vitrea Advanced 7.x cves: cve-2021-4104: investigated: false @@ -17249,8 +17533,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17264,13 +17549,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Venus 1500 + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Alphenix Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -17278,8 +17563,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17293,13 +17579,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Venus Control Suite (VCS) + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Infinix-i Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -17307,10 +17593,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -17322,13 +17609,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Video Image Processors + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: XR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -17340,7 +17627,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - VIP-5060/VIP-5160/VIP-4060 + - All cve-2021-45046: investigated: false affected_versions: [] @@ -17352,13 +17639,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Webcam - Mobotix + last_updated: '2022-02-02T00:00:00' + - vendor: CapStorm + product: Copystorm cves: cve-2021-4104: investigated: false @@ -17366,13 +17653,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - A-2242 - - A-3127 - - A-3719 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17383,13 +17667,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: DarkTrace + last_updated: '2021-12-22T00:00:00' + - vendor: CarbonBlack product: '' cves: cve-2021-4104: @@ -17413,12 +17696,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://customerportal.darktrace.com/inside-the-soc/get-article/201 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Dassault Systèmes + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Carestream product: '' cves: cve-2021-4104: @@ -17442,12 +17725,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e + - https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Databricks + last_updated: '2021-12-20T00:00:00' + - vendor: Carrier product: '' cves: cve-2021-4104: @@ -17471,13 +17754,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub + - https://www.corporate.carrier.com/product-security/advisories-resources/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Datadog - product: Datadog Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CAS genesisWorld + product: '' cves: cve-2021-4104: investigated: false @@ -17485,13 +17768,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '>=6.17.0' - - <=6.32.2 - - '>=7.17.0' - - <=7.32.2 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -17504,12 +17783,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.datadoghq.com/log4j-vulnerability/ + - https://helpdesk.cas.de/CASHelpdesk/FAQDetails.aspx?gguid=0x79F9E881EE3C46C1A71BE9EB3E480446 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Dataminer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cato Networks product: '' cves: cve-2021-4104: @@ -17533,13 +17812,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.dataminer.services/responding-to-log4shell-vulnerability/ + - https://www.catonetworks.com/blog/cato-networks-rapid-response-to-the-apache-log4j-remote-code-execution-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Datev - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cepheid + product: C360 cves: cve-2021-4104: investigated: false @@ -17562,13 +17841,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308 + - https://www.cepheid.com/en_US/legal/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Datto - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Cepheid + product: GeneXpert cves: cve-2021-4104: investigated: false @@ -17591,12 +17870,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.datto.com/blog/dattos-response-to-log4shell + - https://www.cepheid.com/en_US/legal/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: dCache.org + last_updated: '2021-12-20T00:00:00' + - vendor: Cerberus FTP product: '' cves: cve-2021-4104: @@ -17620,13 +17899,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dcache.org/post/log4j-vulnerability/ + - https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Debian - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Chaser Systems + product: discrimiNAT Firewall cves: cve-2021-4104: investigated: false @@ -17634,10 +17913,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -17649,13 +17929,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security-tracker.debian.org/tracker/CVE-2021-44228 + - https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Deepinstinct - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Check Point + product: CloudGuard cves: cve-2021-4104: investigated: false @@ -17663,10 +17943,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -17678,13 +17959,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Dell - product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Check Point + product: Harmony Endpoint & Harmony Mobile cves: cve-2021-4104: investigated: false @@ -17696,7 +17977,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: investigated: false affected_versions: [] @@ -17708,13 +17989,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Check Point + product: Infinity Portal cves: cve-2021-4104: investigated: false @@ -17722,11 +18003,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17738,13 +18018,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware Command Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Check Point + product: Quantum Security Gateway cves: cve-2021-4104: investigated: false @@ -17756,7 +18036,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: investigated: false affected_versions: [] @@ -17768,13 +18048,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware OC Controls + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Check Point + product: Quantum Security Management cves: cve-2021-4104: investigated: false @@ -17786,7 +18066,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: investigated: false affected_versions: [] @@ -17798,13 +18078,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + - https://supportcontent.checkpoint.com/solutions?id=sk176865 + notes: Where used, uses the 1.8.0\_u241 version of the JRE that protects against + this attack by default. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware On Screen Display + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Check Point + product: SMB cves: cve-2021-4104: investigated: false @@ -17816,7 +18097,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: investigated: false affected_versions: [] @@ -17828,13 +18109,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware Update + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Check Point + product: ThreatCloud cves: cve-2021-4104: investigated: false @@ -17842,11 +18123,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17858,13 +18138,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: APEX Console + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CheckMK + product: '' cves: cve-2021-4104: investigated: false @@ -17872,10 +18152,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -17888,13 +18167,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + - https://forum.checkmk.com/t/checkmk-not-affected-by-log4shell/28643/3 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: APEX Data Storage Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ciphermail + product: '' cves: cve-2021-4104: investigated: false @@ -17917,13 +18196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patch in progress + - https://www.ciphermail.com/blog/ciphermail-gateway-and-webmail-messenger-are-not-vulnerable-to-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Atmos + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CircleCI + product: CircleCI cves: cve-2021-4104: investigated: false @@ -17931,11 +18210,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17947,13 +18225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://discuss.circleci.com/t/circleci-log4j-information-cve-2021-4422 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Azure Stack HCI + last_updated: '2021-12-21T00:00:00' + - vendor: CIS + product: '' cves: cve-2021-4104: investigated: false @@ -17961,11 +18239,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17977,13 +18254,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://cisecurity.atlassian.net/servicedesk/customer/portal/15/article/2434301961 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: CalMAN Powered Calibration Firmware + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: AppDynamics cves: cve-2021-4104: investigated: false @@ -17991,11 +18268,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18007,13 +18283,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: CalMAN Ready for Dell + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco ACI Multi-Site Orchestrator cves: cve-2021-4104: investigated: false @@ -18021,11 +18297,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18037,13 +18312,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Centera + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco ACI Virtual Edge cves: cve-2021-4104: investigated: false @@ -18051,11 +18326,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18067,13 +18341,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Chameleon Linux Based Diagnostics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Adaptive Security Appliance (ASA) Software cves: cve-2021-4104: investigated: false @@ -18081,11 +18355,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18097,13 +18370,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Chassis Management Controller (CMC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Advanced Web Security Reporting Application cves: cve-2021-4104: investigated: false @@ -18111,11 +18384,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18127,13 +18399,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: China HDD Deluxe + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco AMP Virtual Private Cloud Appliance cves: cve-2021-4104: investigated: false @@ -18141,11 +18413,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18157,13 +18428,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Cloud IQ + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco AnyConnect Secure Mobility Client cves: cve-2021-4104: investigated: false @@ -18186,13 +18457,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Cloud Mobility for Dell EMC Storage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Application Policy Infrastructure Controller (APIC) cves: cve-2021-4104: investigated: false @@ -18200,11 +18471,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18216,13 +18486,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Cloud Tiering Appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco ASR 5000 Series Routers cves: cve-2021-4104: investigated: false @@ -18230,11 +18500,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18246,13 +18515,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Connectrix (Cisco MDS 9000 switches) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Broadcloud Calling cves: cve-2021-4104: investigated: false @@ -18260,11 +18529,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18276,13 +18544,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Connectrix (Cisco MDS DCNM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco BroadWorks cves: cve-2021-4104: investigated: false @@ -18305,13 +18573,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Connectrix B-Series SANnav + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Catalyst 9800 Series Wireless Controllers cves: cve-2021-4104: investigated: false @@ -18319,9 +18587,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2.1.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18335,13 +18602,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 3/31/2022 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Connextrix B Series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco CloudCenter Suite Admin cves: cve-2021-4104: investigated: false @@ -18349,11 +18616,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18365,13 +18631,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: CyberSecIQ Application + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco CloudCenter Workload Manager cves: cve-2021-4104: investigated: false @@ -18379,11 +18645,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18395,13 +18660,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: CyberSense for PowerProtect Cyber Recovery + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Cognitive Intelligence cves: cve-2021-4104: investigated: false @@ -18409,11 +18674,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18425,13 +18689,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Data Domain OS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Common Services Platform Collector cves: cve-2021-4104: investigated: false @@ -18439,9 +18703,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18455,13 +18718,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-274 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell BSAFE Crypto-C Micro Edition + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Computer Telephony Integration Object Server (CTIOS) cves: cve-2021-4104: investigated: false @@ -18469,11 +18732,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18485,13 +18747,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell BSAFE Crypto-J + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Connected Grid Device Manager cves: cve-2021-4104: investigated: false @@ -18499,11 +18761,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18515,13 +18776,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell BSAFE Micro Edition Suite + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Connected Mobile Experiences cves: cve-2021-4104: investigated: false @@ -18529,11 +18790,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18545,13 +18805,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Calibration Assistant + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Connectivity cves: cve-2021-4104: investigated: false @@ -18559,11 +18819,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18575,13 +18834,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Cinema Color + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Contact Center Domain Manager (CCDM) cves: cve-2021-4104: investigated: false @@ -18589,11 +18848,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18605,13 +18863,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Cloud Command Repository Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Contact Center Management Portal (CCMP) cves: cve-2021-4104: investigated: false @@ -18619,11 +18877,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18635,13 +18892,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Cloud Management Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Crosswork Change Automation cves: cve-2021-4104: investigated: false @@ -18649,11 +18906,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18665,13 +18921,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Color Management + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco CX Cloud Agent Software cves: cve-2021-4104: investigated: false @@ -18679,11 +18935,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18695,13 +18950,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Configure + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Data Center Network Manager (DCNM) cves: cve-2021-4104: investigated: false @@ -18709,11 +18964,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18725,13 +18979,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Integration Suite for System Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Defense Orchestrator cves: cve-2021-4104: investigated: false @@ -18739,11 +18993,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18755,13 +19008,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Intel vPro Out of Band + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco DNA Assurance cves: cve-2021-4104: investigated: false @@ -18769,11 +19022,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18785,13 +19037,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Monitor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco DNA Center cves: cve-2021-4104: investigated: false @@ -18799,11 +19051,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18815,13 +19066,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Power Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco DNA Spaces cves: cve-2021-4104: investigated: false @@ -18829,11 +19080,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18845,13 +19095,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command PowerShell Provider + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Elastic Services Controller (ESC) cves: cve-2021-4104: investigated: false @@ -18859,11 +19109,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18875,13 +19124,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Update + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Emergency Responder cves: cve-2021-4104: investigated: false @@ -18889,11 +19138,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18905,13 +19153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Customer Connect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Enterprise Chat and Email cves: cve-2021-4104: investigated: false @@ -18919,11 +19167,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18935,13 +19182,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Guardian* + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Enterprise NFV Infrastructure Software (NFVIS) cves: cve-2021-4104: investigated: false @@ -18949,11 +19196,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18965,13 +19211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Protection* + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Evolved Programmable Network Manager cves: cve-2021-4104: investigated: false @@ -18979,11 +19225,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18995,13 +19240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Recovery Environment + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Extensible Network Controller (XNC) cves: cve-2021-4104: investigated: false @@ -19009,11 +19254,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19025,13 +19269,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Vault + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Finesse cves: cve-2021-4104: investigated: false @@ -19039,11 +19283,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19055,13 +19298,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Vault for Chrome OS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Firepower Management Center cves: cve-2021-4104: investigated: false @@ -19069,11 +19312,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19085,13 +19327,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Deployment Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Firepower Threat Defense (FTD) cves: cve-2021-4104: investigated: false @@ -19099,11 +19341,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19115,13 +19356,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Digital Delivery + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco GGSN Gateway GPRS Support Node cves: cve-2021-4104: investigated: false @@ -19129,11 +19370,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19145,13 +19385,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Direct USB Key + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco HyperFlex System cves: cve-2021-4104: investigated: false @@ -19159,11 +19399,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19175,13 +19414,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Display Manager 1.5 for Windows / macOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Identity Services Engine (ISE) cves: cve-2021-4104: investigated: false @@ -19189,11 +19428,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19205,13 +19443,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Display Manager 2.0 for Windows / macOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Integrated Management Controller (IMC) Supervisor cves: cve-2021-4104: investigated: false @@ -19219,11 +19457,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19235,13 +19472,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC AppSync + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Intersight cves: cve-2021-4104: investigated: false @@ -19249,11 +19486,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19265,13 +19501,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Avamar + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Intersight Virtual Appliance cves: cve-2021-4104: investigated: false @@ -19279,9 +19515,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"18.2 19.1 19.2 19.3 19.4"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19295,13 +19530,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC BSN Controller Node + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco IOS and IOS XE Software cves: cve-2021-4104: investigated: false @@ -19324,13 +19559,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-305 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Cloud Disaster Recovery + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco IoT Field Network Director (formerly Cisco Connected Grid Network + Management System) cves: cve-2021-4104: investigated: false @@ -19338,9 +19574,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - N/A + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19354,13 +19589,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Cloudboost + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco IoT Operations Dashboard cves: cve-2021-4104: investigated: false @@ -19368,11 +19603,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19384,13 +19618,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC CloudLink + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco IOx Fog Director cves: cve-2021-4104: investigated: false @@ -19398,11 +19632,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19414,13 +19647,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Container Storage Modules + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco IP Services Gateway (IPSG) cves: cve-2021-4104: investigated: false @@ -19428,11 +19661,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19444,13 +19676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Computing Appliance (DCA) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Kinetic for Cities cves: cve-2021-4104: investigated: false @@ -19458,11 +19690,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19474,13 +19705,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Protection Advisor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco MDS 9000 Series Multilayer Switches cves: cve-2021-4104: investigated: false @@ -19488,11 +19719,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19504,13 +19734,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Protection Central + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Meeting Server cves: cve-2021-4104: investigated: false @@ -19533,13 +19763,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021- 269 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Protection Search + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco MME Mobility Management Entity cves: cve-2021-4104: investigated: false @@ -19547,9 +19777,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Versions before 19.5.0.7 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19563,13 +19792,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-279 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC DataIQ + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Modeling Labs cves: cve-2021-4104: investigated: false @@ -19577,11 +19806,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19593,13 +19821,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Disk Library for Mainframe + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Network Assessment (CNA) Tool cves: cve-2021-4104: investigated: false @@ -19607,11 +19835,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19623,13 +19850,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC ECS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Network Assurance Engine cves: cve-2021-4104: investigated: false @@ -19652,13 +19879,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Enterprise Storage Analytics for vRealize Operations + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Network Convergence System 2000 Series cves: cve-2021-4104: investigated: false @@ -19666,9 +19893,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"<6.0.0 6.1.0 6.2.x"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19682,13 +19908,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-278 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC GeoDrive + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Network Planner cves: cve-2021-4104: investigated: false @@ -19696,11 +19922,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19712,13 +19937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Integrated System for Azure Stack HCI + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Network Services Orchestrator (NSO) cves: cve-2021-4104: investigated: false @@ -19726,9 +19951,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - N/A + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19742,17 +19966,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this - advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect - Gateway (SCG) were optionally installed with Dell EMC Integrated System for - Azure Stack HCI monitor the following advisories. Apply workaround guidance - and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Integrated System for Microsoft Azure Stack Hub + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus 5500 Platform Switches cves: cve-2021-4104: investigated: false @@ -19760,9 +19980,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - N/A + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19776,13 +19995,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Isilon InsightIQ + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus 5600 Platform Switches cves: cve-2021-4104: investigated: false @@ -19790,11 +20009,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19806,13 +20024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC License Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus 6000 Series Switches cves: cve-2021-4104: investigated: false @@ -19820,11 +20038,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19836,13 +20053,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Metro Node + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus 7000 Series Switches cves: cve-2021-4104: investigated: false @@ -19850,9 +20067,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 7.0.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19866,13 +20082,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-308 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC NetWorker Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure + (ACI) mode cves: cve-2021-4104: investigated: false @@ -19880,9 +20097,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19896,13 +20112,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC NetWorker Virtual Edition + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus Dashboard (formerly Cisco Application Services Engine) cves: cve-2021-4104: investigated: false @@ -19910,9 +20126,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19926,13 +20141,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Networking Onie + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus Data Broker cves: cve-2021-4104: investigated: false @@ -19940,11 +20155,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19956,13 +20170,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Networking Virtual Edge Platform with VersaOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus Insights cves: cve-2021-4104: investigated: false @@ -19970,9 +20184,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19986,13 +20199,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-304 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC OpenManage Ansible Modules + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Optical Network Planner cves: cve-2021-4104: investigated: false @@ -20000,11 +20213,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20016,13 +20228,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC OpenManage integration for Splunk + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Packaged Contact Center Enterprise cves: cve-2021-4104: investigated: false @@ -20030,11 +20242,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20046,13 +20257,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC OpenManage Integration for VMware vCenter + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Paging Server cves: cve-2021-4104: investigated: false @@ -20060,11 +20271,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20076,13 +20286,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC OpenManage Management pack for vRealize Operations + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Paging Server (InformaCast) cves: cve-2021-4104: investigated: false @@ -20090,11 +20300,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20106,14 +20315,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge - Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco PDSN/HA Packet Data Serving Node and Home Agent cves: cve-2021-4104: investigated: false @@ -20121,11 +20329,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20137,13 +20344,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerFlex Appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco PGW Packet Data Network Gateway cves: cve-2021-4104: investigated: false @@ -20151,10 +20358,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions - up to Intelligent Catalog 38_362_00_r7.zip"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -20168,13 +20373,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerFlex Rack + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Policy Suite cves: cve-2021-4104: investigated: false @@ -20182,9 +20387,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - N/A + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -20198,13 +20402,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerFlex Software (SDS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Prime Central for Service Providers cves: cve-2021-4104: investigated: false @@ -20212,9 +20416,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -20228,13 +20431,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerPath + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Prime Collaboration Manager cves: cve-2021-4104: investigated: false @@ -20242,11 +20445,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20258,13 +20460,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerPath Management Appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Prime Collaboration Provisioning cves: cve-2021-4104: investigated: false @@ -20272,11 +20474,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20288,13 +20489,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerProtect Cyber Recovery + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Prime Infrastructure cves: cve-2021-4104: investigated: false @@ -20302,11 +20503,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20318,13 +20518,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerProtect Data Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Prime License Manager cves: cve-2021-4104: investigated: false @@ -20332,9 +20532,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions 19.9 and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -20348,13 +20547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerProtect DP Series Appliance (iDPA) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Prime Network cves: cve-2021-4104: investigated: false @@ -20362,9 +20561,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2.7.0 and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -20378,13 +20576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerScale OneFS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Prime Optical for Service Providers cves: cve-2021-4104: investigated: false @@ -20392,11 +20590,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20408,13 +20605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerShell for PowerMax + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Prime Provisioning cves: cve-2021-4104: investigated: false @@ -20422,11 +20619,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20438,13 +20634,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerShell for Powerstore + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Prime Service Catalog cves: cve-2021-4104: investigated: false @@ -20452,11 +20648,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20468,13 +20663,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerShell for Unity + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Registered Envelope Service cves: cve-2021-4104: investigated: false @@ -20482,11 +20677,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20498,13 +20692,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerStore + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco SD-WAN vEdge 1000 Series Routers cves: cve-2021-4104: investigated: false @@ -20527,13 +20721,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerVault MD3 Series Storage Arrays + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco SD-WAN vEdge 2000 Series Routers cves: cve-2021-4104: investigated: false @@ -20541,11 +20735,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20557,13 +20750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerVault ME4 Series Storage Arrays + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco SD-WAN vEdge 5000 Series Routers cves: cve-2021-4104: investigated: false @@ -20571,11 +20764,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20587,13 +20779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC RecoverPoint Classic + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco SD-WAN vEdge Cloud Router Platform cves: cve-2021-4104: investigated: false @@ -20601,9 +20793,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All 5.1.x and later versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -20617,13 +20808,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC RecoverPoint for Virtual Machine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco SD-WAN vManage cves: cve-2021-4104: investigated: false @@ -20631,9 +20822,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All 5.0.x and later versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -20647,13 +20837,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Repository Manager (DRM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Secure Network Analytics (SNA), formerly Stealthwatch cves: cve-2021-4104: investigated: false @@ -20661,11 +20851,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20677,13 +20866,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Ruckus SmartZone 100 Controller + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco SocialMiner cves: cve-2021-4104: investigated: false @@ -20706,13 +20895,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Ruckus SmartZone 300 Controller + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco System Architecture Evolution Gateway (SAEGW) cves: cve-2021-4104: investigated: false @@ -20735,13 +20924,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Ruckus Virtual Software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco TelePresence Management Suite cves: cve-2021-4104: investigated: false @@ -20764,13 +20953,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC SourceOne + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco UCS Director cves: cve-2021-4104: investigated: false @@ -20778,11 +20967,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20794,13 +20982,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC SRM vApp + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco UCS Performance Manager cves: cve-2021-4104: investigated: false @@ -20808,9 +20996,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Versions before 4.6.0.2 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -20824,13 +21011,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/25/2022 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Streaming Data Platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Umbrella cves: cve-2021-4104: investigated: false @@ -20853,13 +21040,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Systems Update (DSU) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Unified Attendant Console Advanced cves: cve-2021-4104: investigated: false @@ -20867,11 +21054,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20883,13 +21069,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Unisphere 360 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Unified Attendant Console Business Edition cves: cve-2021-4104: investigated: false @@ -20897,11 +21083,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20913,13 +21098,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Unity + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Unified Attendant Console Department Edition cves: cve-2021-4104: investigated: false @@ -20942,13 +21127,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/29/21 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Virtual Storage Integrator + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Unified Attendant Console Enterprise Edition cves: cve-2021-4104: investigated: false @@ -20956,11 +21141,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20972,13 +21156,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC VPLEX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Unified Attendant Console Premium Edition cves: cve-2021-4104: investigated: false @@ -20986,11 +21170,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21002,13 +21185,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC VxRail + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Unified Communications Manager Cloud cves: cve-2021-4104: investigated: false @@ -21016,9 +21199,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"4.5.x 4.7.x 7.0.x"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -21032,13 +21214,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC XtremIO + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Unified Contact Center Enterprise cves: cve-2021-4104: investigated: false @@ -21046,11 +21228,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21062,13 +21243,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Encryption Enterprise* + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Unified Contact Center Enterprise - Live Data server cves: cve-2021-4104: investigated: false @@ -21076,11 +21257,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21092,13 +21272,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Encryption Personal* + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Unified Contact Center Express cves: cve-2021-4104: investigated: false @@ -21106,11 +21286,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21122,13 +21301,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Endpoint Security Suite Enterprise* + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Unified Intelligent Contact Management Enterprise cves: cve-2021-4104: investigated: false @@ -21136,11 +21315,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21152,13 +21330,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Hybrid Client + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Unified SIP Proxy Software cves: cve-2021-4104: investigated: false @@ -21166,11 +21344,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21182,13 +21359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell ImageAssist + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Video Surveillance Operations Manager cves: cve-2021-4104: investigated: false @@ -21196,11 +21373,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21212,13 +21388,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Insights Client + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM cves: cve-2021-4104: investigated: false @@ -21226,11 +21402,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21242,13 +21417,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Linux Assistant + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Virtualized Voice Browser cves: cve-2021-4104: investigated: false @@ -21256,11 +21431,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21272,13 +21446,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Mobile Connect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Vision Dynamic Signage Director cves: cve-2021-4104: investigated: false @@ -21286,11 +21460,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21302,13 +21475,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Monitor ISP (Windows/Mac/Linux) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco WAN Automation Engine (WAE) cves: cve-2021-4104: investigated: false @@ -21316,11 +21489,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21332,13 +21504,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Monitor SDK + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Web Security Appliance (WSA) cves: cve-2021-4104: investigated: false @@ -21346,11 +21518,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21362,13 +21533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Networking X-Series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Webex Cloud-Connected UC (CCUC) cves: cve-2021-4104: investigated: false @@ -21376,11 +21547,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21392,13 +21562,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Open Manage Mobile + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Webex Meetings Server cves: cve-2021-4104: investigated: false @@ -21406,11 +21576,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21422,13 +21591,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Open Manage Server Administrator + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Webex Teams cves: cve-2021-4104: investigated: false @@ -21436,11 +21605,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21452,13 +21620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Open Management Enterprise - Modular + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Wide Area Application Services (WAAS) cves: cve-2021-4104: investigated: false @@ -21466,9 +21634,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <1.40.10 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -21482,13 +21649,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-268 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell OpenManage Change Management + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Duo cves: cve-2021-4104: investigated: false @@ -21496,11 +21663,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21512,13 +21678,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell OpenManage Enterprise Power Manager Plugin + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: DUO network gateway (on-prem/self-hosted) cves: cve-2021-4104: investigated: false @@ -21526,11 +21692,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21541,14 +21706,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Optimizer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: duo network gateway (on-prem/self-hosted) cves: cve-2021-4104: investigated: false @@ -21556,11 +21720,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21571,14 +21734,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell OS Recovery Tool + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Exony Virtualized Interaction Manager (VIM) cves: cve-2021-4104: investigated: false @@ -21586,11 +21748,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21602,13 +21763,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Peripheral Manager 1.4 / 1.5 for Windows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Managed Services Accelerator (MSX) Network Access Control Service cves: cve-2021-4104: investigated: false @@ -21616,11 +21777,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21632,13 +21792,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Platform Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Citrix + product: Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) cves: cve-2021-4104: investigated: false @@ -21650,25 +21810,27 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.citrix.com/article/CTX335705 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Power Manager + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Application Delivery Management (NetScaler MAS) cves: cve-2021-4104: investigated: false @@ -21680,25 +21842,27 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.citrix.com/article/CTX335705 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Power Manager Lite + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Cloud Connector cves: cve-2021-4104: investigated: false @@ -21710,25 +21874,27 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.citrix.com/article/CTX335705 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Precision Optimizer + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Connector Appliance for Cloud Services cves: cve-2021-4104: investigated: false @@ -21740,25 +21906,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.citrix.com/article/CTX335705 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Precision Optimizer for Linux + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Content Collaboration (ShareFile Integration)–Citrix Files for + Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: investigated: false @@ -21770,25 +21939,27 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.citrix.com/article/CTX335705 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Premier Color + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Endpoint Management (Citrix XenMobile Server) cves: cve-2021-4104: investigated: false @@ -21798,27 +21969,35 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP3 + - 10.13 RP6 + - 10.12 RP11 unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.citrix.com/article/CTX335705 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Recovery (Linux) + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Hypervisor (XenServer) cves: cve-2021-4104: investigated: false @@ -21830,25 +22009,27 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.citrix.com/article/CTX335705 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Remediation Platform + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix License Server cves: cve-2021-4104: investigated: false @@ -21860,25 +22041,27 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.citrix.com/article/CTX335705 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Remote Execution Engine (DRONE) + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix SD-WAN cves: cve-2021-4104: investigated: false @@ -21890,25 +22073,27 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.citrix.com/article/CTX335705 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Security Advisory Update - DSA-2021-088 + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) cves: cve-2021-4104: investigated: false @@ -21918,27 +22103,29 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - Linux Virtual Delivery Agent 2112 + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.citrix.com/article/CTX335705 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Security Management Server & Dell Security Management Server Virtual* + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Workspace App cves: cve-2021-4104: investigated: false @@ -21950,25 +22137,27 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.citrix.com/article/CTX335705 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell SupportAssist SOS + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: ShareFile Storage Zones Controller cves: cve-2021-4104: investigated: false @@ -21980,25 +22169,27 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.citrix.com/article/CTX335705 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Thin OS + last_updated: '2021-12-21T00:00:00' + - vendor: Claris + product: '' cves: cve-2021-4104: investigated: false @@ -22006,11 +22197,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22022,13 +22212,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Threat Defense + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: AM2CM Tool cves: cve-2021-4104: investigated: false @@ -22036,11 +22226,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22052,13 +22241,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell True Color + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Ambari cves: cve-2021-4104: investigated: false @@ -22067,10 +22256,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Only versions 2.x + - 1.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22082,13 +22272,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Trusted Device + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Arcadia Enterprise cves: cve-2021-4104: investigated: false @@ -22097,10 +22287,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Only version 7.1.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22112,13 +22302,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Update + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: CDH, HDP, and HDF cves: cve-2021-4104: investigated: false @@ -22127,10 +22317,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Only version 6.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22142,13 +22332,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: DellEMC OpenManage Enterprise Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: CDP Operational Database (COD) cves: cve-2021-4104: investigated: false @@ -22171,13 +22361,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dream Catcher + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: CDP Private Cloud Base cves: cve-2021-4104: investigated: false @@ -22186,10 +22376,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Only version 7.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22201,13 +22391,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: DUP Creation Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: CDS 3 Powered by Apache Spark cves: cve-2021-4104: investigated: false @@ -22216,10 +22406,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22231,13 +22421,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: DUP Framework (ISG) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: CDS 3.2 for GPUs cves: cve-2021-4104: investigated: false @@ -22246,10 +22436,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22261,13 +22451,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Embedded NAS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Cybersecurity Platform cves: cve-2021-4104: investigated: false @@ -22276,10 +22466,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22291,13 +22481,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Embedded Service Enabler + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Engineering (CDE) cves: cve-2021-4104: investigated: false @@ -22305,11 +22495,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22321,13 +22510,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Enterprise Hybrid Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Engineering (CDE) cves: cve-2021-4104: investigated: false @@ -22335,8 +22524,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22350,13 +22540,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Equallogic PS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Flow (CFM) cves: cve-2021-4104: investigated: false @@ -22364,11 +22554,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22380,13 +22569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Fluid FS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Science Workbench (CDSW) cves: cve-2021-4104: investigated: false @@ -22395,10 +22584,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Only versions 2.x + - 3.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22410,13 +22600,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: iDRAC Service Module (iSM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Visualization (CDV) cves: cve-2021-4104: investigated: false @@ -22424,11 +22614,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22440,13 +22629,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Infinity MLK (firmware) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Warehouse (CDW) cves: cve-2021-4104: investigated: false @@ -22454,11 +22643,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22470,13 +22658,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Integrated Dell Remote Access Controller (iDRAC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Warehouse (CDW) cves: cve-2021-4104: investigated: false @@ -22485,10 +22673,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22500,13 +22688,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: ISG Accelerators + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera DataFlow (CDF) cves: cve-2021-4104: investigated: false @@ -22514,11 +22702,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22530,13 +22717,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: ISG Board & Electrical + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Edge Management (CEM) cves: cve-2021-4104: investigated: false @@ -22545,10 +22732,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22560,13 +22747,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: IsilonSD Management Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Enterprise cves: cve-2021-4104: investigated: false @@ -22575,10 +22762,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Only version 6.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22590,13 +22777,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: IVE-WinDiag + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Flow Management (CFM) cves: cve-2021-4104: investigated: false @@ -22605,10 +22792,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22620,13 +22807,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Mainframe Enablers + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Machine Learning (CML) cves: cve-2021-4104: investigated: false @@ -22634,11 +22821,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22650,13 +22836,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: My Dell + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Machine Learning (CML) cves: cve-2021-4104: investigated: false @@ -22665,10 +22851,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22680,13 +22866,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: MyDell Mobile + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication + Manager) cves: cve-2021-4104: investigated: false @@ -22695,10 +22882,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22710,13 +22897,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: NetWorker Management Console + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication + Manager) cves: cve-2021-4104: investigated: false @@ -22725,10 +22913,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Only versions 7.0.x + - 7.1.x + - 7.2.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22740,13 +22930,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Networking BIOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Manager (Including Backup Disaster Recovery (BDR)) cves: cve-2021-4104: investigated: false @@ -22754,11 +22944,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22770,13 +22959,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Networking DIAG + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) cves: cve-2021-4104: investigated: false @@ -22785,10 +22974,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Only versions 7.0.x + - 7.1.x + - 7.2.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22800,13 +22991,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Networking N-Series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Stream Processing (CSP) cves: cve-2021-4104: investigated: false @@ -22815,10 +23006,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22830,13 +23021,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Networking OS 10 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Streaming Analytics (CSA) cves: cve-2021-4104: investigated: false @@ -22844,11 +23035,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22860,13 +23050,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Networking OS9 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Streaming Analytics (CSA) cves: cve-2021-4104: investigated: false @@ -22874,11 +23064,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22890,13 +23079,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Networking SD-WAN Edge SD-WAN + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Data Analytics Studio (DAS) cves: cve-2021-4104: investigated: false @@ -22904,11 +23093,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22920,13 +23108,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Networking W-Series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Data Catalog cves: cve-2021-4104: investigated: false @@ -22934,11 +23122,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22950,13 +23137,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Networking X-Series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Data Lifecycle Manager (DLM) cves: cve-2021-4104: investigated: false @@ -22964,11 +23151,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22980,13 +23166,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: OMIMSSC (OpenManage Integration for Microsoft System Center) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Data Steward Studio (DSS) cves: cve-2021-4104: investigated: false @@ -22995,10 +23181,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23010,13 +23196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: OMNIA + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Hortonworks Data Flow (HDF) cves: cve-2021-4104: investigated: false @@ -23024,11 +23210,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23040,13 +23225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: OpenManage Connections - Nagios + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Hortonworks Data Platform (HDP) cves: cve-2021-4104: investigated: false @@ -23055,10 +23240,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Only versions 7.1.x + - 2.7.x + - 2.6.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23070,13 +23257,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: OpenManage Connections - ServiceNow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Hortonworks DataPlane Platform cves: cve-2021-4104: investigated: false @@ -23084,11 +23271,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23100,13 +23286,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: OpenManage Enterprise + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Management Console cves: cve-2021-4104: investigated: false @@ -23114,8 +23300,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -23129,14 +23316,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: OpenManage Integration for Microsoft System Center for System Center - Operations Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Management Console for CDP Public Cloud cves: cve-2021-4104: investigated: false @@ -23144,11 +23330,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23160,13 +23345,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: OpenManage Integration with Microsoft Windows Admin Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Replication Manager cves: cve-2021-4104: investigated: false @@ -23174,11 +23359,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23190,13 +23374,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: OpenManage Network Integration + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: SmartSense cves: cve-2021-4104: investigated: false @@ -23204,11 +23388,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23220,13 +23403,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: PowerConnect N3200 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Workload Manager cves: cve-2021-4104: investigated: false @@ -23234,11 +23417,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23250,13 +23432,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: PowerConnect PC2800 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Workload XM cves: cve-2021-4104: investigated: false @@ -23265,10 +23447,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23280,13 +23462,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: PowerConnect PC8100 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Workload XM (SaaS) cves: cve-2021-4104: investigated: false @@ -23294,11 +23476,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23310,13 +23491,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: PowerEdge BIOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CloudFlare + product: '' cves: cve-2021-4104: investigated: false @@ -23324,11 +23505,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23340,13 +23520,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: PowerEdge Operating Systems + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudian HyperStore + product: '' cves: cve-2021-4104: investigated: false @@ -23354,11 +23534,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23370,13 +23549,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://cloudian-support.force.com/s/article/SECURITY-Cloudian-HyperStore-Log4j-vulnerability-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: PowerTools Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudogu + product: Ecosystem cves: cve-2021-4104: investigated: false @@ -23385,10 +23564,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23400,13 +23579,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://community.cloudogu.com/t/security-vulnerability-log4shell-cve-2021-44228/417 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: PPDM Kubernetes cProxy + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudogu + product: SCM-Manager cves: cve-2021-4104: investigated: false @@ -23414,11 +23593,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23430,13 +23608,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: PPDM VMware vProxy + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudron + product: '' cves: cve-2021-4104: investigated: false @@ -23444,11 +23622,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23460,13 +23637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://forum.cloudron.io/topic/6153/log4j-and-log4j2-library-vulnerability?lang=en-US notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Redtail + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Clover + product: '' cves: cve-2021-4104: investigated: false @@ -23474,11 +23651,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23490,13 +23666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://community.clover.com/articles/35868/apache-log4j-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Remotely Anywhere + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Code42 + product: Code42 App cves: cve-2021-4104: investigated: false @@ -23506,9 +23682,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 8.8.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23520,13 +23696,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Riptide (firmware) + last_updated: '2021-12-22T00:00:00' + - vendor: Code42 + product: Crashplan cves: cve-2021-4104: investigated: false @@ -23536,9 +23712,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23550,13 +23726,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates + notes: The CrashPlan app is EOL and is now called Code42. If you detect CrashPlan + installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer. references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Rugged Control Center (RCC) + - '[https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/)' + last_updated: '2021-12-16T00:00:00' + - vendor: CodeBeamer + product: '' cves: cve-2021-4104: investigated: false @@ -23564,11 +23741,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23580,13 +23756,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://codebeamer.com/cb/wiki/19872365 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: SD ROM Utility + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Codesys + product: '' cves: cve-2021-4104: investigated: false @@ -23594,11 +23770,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23610,13 +23785,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.codesys.com/news-events/news/article/log4j-not-used-in-codesys.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: SDNAS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cohesity + product: '' cves: cve-2021-4104: investigated: false @@ -23624,11 +23799,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23640,13 +23814,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Secure Connect Gateway (SCG) Appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CommVault + product: '' cves: cve-2021-4104: investigated: false @@ -23654,9 +23828,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -23670,13 +23843,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-282 + - https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Secure Connect Gateway (SCG) Policy Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Concourse + product: Concourse cves: cve-2021-4104: investigated: false @@ -23684,9 +23857,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"5.00.00.10 5.00.05.10"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -23700,13 +23872,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-281 + - https://github.com/concourse/concourse/discussions/7887 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Server Storage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ConcreteCMS.com + product: '' cves: cve-2021-4104: investigated: false @@ -23714,11 +23886,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23730,13 +23901,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Smart Fabric Storage Software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Confluent + product: Confluent Cloud cves: cve-2021-4104: investigated: false @@ -23746,9 +23917,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23760,13 +23931,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: SmartByte + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent ElasticSearch Sink Connector cves: cve-2021-4104: investigated: false @@ -23775,10 +23946,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <11.1.7 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23790,13 +23961,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: SMI-S + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent for Kubernetes cves: cve-2021-4104: investigated: false @@ -23820,13 +23991,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Software RAID + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent Google DataProc Sink Connector cves: cve-2021-4104: investigated: false @@ -23835,10 +24006,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.1.5 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23850,13 +24021,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Solutions Enabler + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent HDFS 2 Sink Connector cves: cve-2021-4104: investigated: false @@ -23865,10 +24036,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <10.1.3 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23880,13 +24051,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Solutions Enabler vApp + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent HDFS 3 Sink Connector cves: cve-2021-4104: investigated: false @@ -23895,10 +24066,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.1.8 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23910,13 +24081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Sonic + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent Kafka Connectors cves: cve-2021-4104: investigated: false @@ -23940,13 +24111,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: SRS Policy Manager + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent Platform cves: cve-2021-4104: investigated: false @@ -23956,7 +24127,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '7' + - <7.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -23970,13 +24141,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: SRS VE + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent Splunk Sink Connector cves: cve-2021-4104: investigated: false @@ -23985,10 +24156,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <2.05 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24000,13 +24171,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Storage Center - Dell Storage Manager + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent VMWare Tanzu GemFire Sink Connector cves: cve-2021-4104: investigated: false @@ -24014,8 +24185,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <1.0.8 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -24029,13 +24201,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Storage Center OS and additional SC applications unless otherwise noted + last_updated: '2021-12-17T00:00:00' + - vendor: Connect2id + product: '' cves: cve-2021-4104: investigated: false @@ -24043,41 +24215,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: SupportAssist Client Commercial - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24089,13 +24230,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://connect2id.com/blog/connect2id-server-12-5-1 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: SupportAssist Client Consumer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ConnectWise + product: '' cves: cve-2021-4104: investigated: false @@ -24103,11 +24244,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24119,13 +24259,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.connectwise.com/company/trust/advisories notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: SupportAssist Enterprise + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ContrastSecurity + product: '' cves: cve-2021-4104: investigated: false @@ -24148,13 +24288,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + - https://support.contrastsecurity.com/hc/en-us/articles/4412612486548 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: UCC Edge + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ControlUp + product: '' cves: cve-2021-4104: investigated: false @@ -24162,11 +24302,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24178,13 +24317,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://status.controlup.com/incidents/qqyvh7b1dz8k notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Unisphere Central + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: COPADATA + product: All cves: cve-2021-4104: investigated: false @@ -24207,13 +24346,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/10/2022 + - https://www.copadata.com/fileadmin/user_upload/faq/files/InformationReport_CVE_2021_44228.pdf + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Unisphere for PowerMax + last_updated: '2022-01-06T00:00:00' + - vendor: CouchBase + product: '' cves: cve-2021-4104: investigated: false @@ -24221,11 +24360,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24237,13 +24375,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Unisphere for PowerMax vApp + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CPanel + product: '' cves: cve-2021-4104: investigated: false @@ -24251,11 +24389,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24267,13 +24404,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Unisphere for VMAX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cradlepoint + product: '' cves: cve-2021-4104: investigated: false @@ -24281,11 +24418,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24297,13 +24433,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://cradlepoint.com/vulnerability-alerts/cve-2021-44228-apache-log4j-security-vulnerabilities/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Unisphere for VNX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Crestron + product: '' cves: cve-2021-4104: investigated: false @@ -24311,11 +24447,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24327,13 +24462,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.crestron.com/Security/Security_Advisories/Apache-Log4j notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Update Manager Plugin + last_updated: '2021-12-20T00:00:00' + - vendor: CrushFTP + product: '' cves: cve-2021-4104: investigated: false @@ -24341,11 +24476,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24357,13 +24491,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.crushftp.com/download.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Vblock + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CryptShare + product: '' cves: cve-2021-4104: investigated: false @@ -24386,13 +24520,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending See vce6771 (requires customer login) + - https://www.cryptshare.com/en/support/cryptshare-support/#c67572 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: ViPR Controller + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CyberArk + product: Privileged Threat Analytics (PTA) cves: cve-2021-4104: investigated: false @@ -24402,9 +24536,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24416,13 +24550,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228 notes: '' references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: VMware vRealize Automation 8.x + - This advisory is available to customers only and has not been reviewed by + CISA. + last_updated: '2021-12-14T00:00:00' + - vendor: Cybereason + product: '' cves: cve-2021-4104: investigated: false @@ -24430,9 +24565,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -24446,13 +24580,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + - https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: VMware vRealize Orchestrator 8.x + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CyberRes + product: '' cves: cve-2021-4104: investigated: false @@ -24460,9 +24594,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -24476,13 +24609,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + - https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: VNX1 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Daktronics + product: All Sport Pro cves: cve-2021-4104: investigated: false @@ -24490,11 +24623,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24506,13 +24638,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: VNX2 + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dakronics Media Player cves: cve-2021-4104: investigated: false @@ -24524,7 +24656,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - DMP (any series) cve-2021-45046: investigated: false affected_versions: [] @@ -24536,13 +24668,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: VNXe 1600 + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dakronics Web Player cves: cve-2021-4104: investigated: false @@ -24550,9 +24682,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: - - Versions 3.1.16.10220572 and earlier + - DWP-1000 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -24566,13 +24698,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: DWP-1000 is not present in our codebase, but awaiting confirmation from + LG re webOS platform. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: VNXe 3200 + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Data Vision Software (DVS) cves: cve-2021-4104: investigated: false @@ -24580,9 +24713,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Version 3.1.15.10216415 and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -24596,13 +24728,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: DVS has one microservice that uses Log4j, but it uses a version that is + not impacted. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: VPLEX VS2/VS6 / VPLEX Witness + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dynamic Messaging System (DMS) cves: cve-2021-4104: investigated: false @@ -24610,11 +24743,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24626,13 +24758,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: vRealize Data Protection Extension Data Management + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dynamic Messaging System - DMS Core Player cves: cve-2021-4104: investigated: false @@ -24640,10 +24772,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - P10 cve-2021-45046: investigated: false affected_versions: [] @@ -24655,13 +24788,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dynamic Messaging System - DMS Player hardware cves: cve-2021-4104: investigated: false @@ -24670,10 +24803,16 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"version 19.6 version 19.7 version 19.8 and version 19.9"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - AMP-R200 + - AMP-R400 + - AMP-R800 + - AMP-SM100 + - AMP-SE100 + - AMP-SM200 + - AMP-SM400 cve-2021-45046: investigated: false affected_versions: [] @@ -24685,13 +24824,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dynamic Messaging System - DMS Web Player cves: cve-2021-4104: investigated: false @@ -24699,9 +24838,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Various + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -24715,13 +24853,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: DMS Web Player not present in our codebase, but awaiting confirmation from + LG re webOS platform. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: vRO Plugin for Dell EMC PowerMax + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: IBoot - Dataprobe IBoot Devices cves: cve-2021-4104: investigated: false @@ -24730,10 +24869,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.2.3 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - A-3257 + - '3256' + - '2270' + - '2269' + - '1978' cve-2021-45046: investigated: false affected_versions: [] @@ -24745,13 +24888,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: vRO Plugin for Dell EMC PowerScale + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Outdoor Smartlink Devices cves: cve-2021-4104: investigated: false @@ -24760,10 +24903,16 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.1.0 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - A-3189335 + - '3128' + - '3416' + - '3418' + - '3707' + - '3708' + - '3709' cve-2021-45046: investigated: false affected_versions: [] @@ -24775,13 +24924,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: vRO Plugin for Dell EMC PowerStore + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Routers - Cisco Meraki Z3/Z3c Routers cves: cve-2021-4104: investigated: false @@ -24790,10 +24939,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.1.4 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - A-4036028 cve-2021-45046: investigated: false affected_versions: [] @@ -24805,13 +24954,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: vRO Plugin for Dell EMC Unity + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Routers - Cisco Z1 Routers cves: cve-2021-4104: investigated: false @@ -24820,10 +24969,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.0.6 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - A-3665 cve-2021-45046: investigated: false affected_versions: [] @@ -24835,13 +24984,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: vRO Plugin for Dell EMC XtremIO + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Routers - Sierra Wireless RV50x/RV50 cves: cve-2021-4104: investigated: false @@ -24849,9 +24998,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: - - Version 4.1.2 or earlier + - A-3350704 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -24865,13 +25014,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Vsan Ready Nodes + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Show Control System (SCS) cves: cve-2021-4104: investigated: false @@ -24879,11 +25028,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24895,13 +25043,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: VxBlock + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Vanguard cves: cve-2021-4104: investigated: false @@ -24924,13 +25072,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Patch pending See vce6771 (requires customer login) "' + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Warnado MLK (firmware) + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Venus 1500 cves: cve-2021-4104: investigated: false @@ -24938,11 +25086,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24954,13 +25101,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Wyse Management Suite + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Venus Control Suite (VCS) cves: cve-2021-4104: investigated: false @@ -24968,9 +25115,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <3.5 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -24984,13 +25130,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-267 + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Wyse Proprietary OS (ThinOS) + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Video Image Processors cves: cve-2021-4104: investigated: false @@ -25002,7 +25148,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - VIP-5060/VIP-5160/VIP-4060 cve-2021-45046: investigated: false affected_versions: [] @@ -25014,13 +25160,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Wyse Windows Embedded Suite + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Webcam - Mobotix cves: cve-2021-4104: investigated: false @@ -25032,7 +25178,9 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - A-2242 + - A-3127 + - A-3719 cve-2021-45046: investigated: false affected_versions: [] @@ -25044,13 +25192,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Deltares - product: Delft-FEWS + last_updated: '2022-01-06T00:00:00' + - vendor: DarkTrace + product: All cves: cve-2021-4104: investigated: false @@ -25058,10 +25206,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '>2018.02' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -25074,13 +25221,8520 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://publicwiki.deltares.nl/display/FEWSDOC/Delft-FEWS+and+Log4J+vulnerability - notes: Mitigations Only + - https://customerportal.darktrace.com/inside-the-soc/get-article/201 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Denequa - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dassault Systèmes + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Databricks + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: Datadog Agent + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=6.17.0' + - <=6.32.2 + - '>=7.17.0' + - <=7.32.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.datadoghq.com/log4j-vulnerability/ + notes: JMX monitoring component leverages an impacted version of log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: datadog-kafka-connect-logs + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.0.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.datadoghq.com/log4j-vulnerability/ + notes: Version 1.0.2 of the library uses version 2.16.0 of Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: datadog-lambda-java + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.0.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.datadoghq.com/log4j-vulnerability/ + notes: Following AWS recommendation, library updated using the latest version + of amazon-lambda-java-log4j2 (1.4.0). + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dataminer + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.dataminer.services/responding-to-log4shell-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datev + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datto + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.datto.com/blog/dattos-response-to-log4shell + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DBeaver + product: All + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dcache.org/post/log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: dCache.org + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dcache.org/post/log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Debian + product: Apache-log4j.1.2 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - stretch, buster, bullseye + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - stretch, buster, bullseye + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-tracker.debian.org/tracker/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Debian + product: Apache-log4j2 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - stretch, buster, bullseye + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - stretch, buster, bullseye + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-tracker.debian.org/tracker/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Decos + product: Cloud + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: EvenementenAssistent + InkomensAssistent + Leerlingenvervoer + AIM online + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: Fixi + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: Integrations (StUF/ZGW/Doclogic-DataIntegrator) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Klant Contact + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Zaak &I Document (on-premise) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: The solution contains Elasticsearch (vulnerable). Mitigating actions available + on our WIKI. + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Zaak &I Document (on-premise) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: The SaaS hosted solution contains Logstash + Elasticsearch (vulnerable). + Mitigating actions taken. + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Deepinstinct + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dell + product: Alienware Command Center + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Alienware OC Controls + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Alienware On Screen Display + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Alienware Update + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: APEX Console + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Cloud environment patched. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: APEX Data Storage Services + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Cloud environment patch in progress. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Atmos + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Avamar vproxy + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: CalMAN Powered Calibration Firmware + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: CalMAN Ready for Dell + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Centera + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Chameleon Linux Based Diagnostics + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Chassis Management Controller (CMC) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: China HDD Deluxe + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Client Platforms (Latitude, OptiPlex, Alienware, Inspiron, Precision, + XPS, Vostro, ChengMing) BIOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Cloud IQ + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Cloud environment patched. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Cloud Mobility for Dell EMC Storage + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Cloud Tiering Appliance + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: CloudIQ Collector + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Common Event Enabler + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Connectrix (Cisco MDS 9000 switches) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Connectrix (Cisco MDS DCNM) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: Versions prior to 11.5(1x) + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/23/21. + references: + - '[DSA-2021-302](https://www.dell.com/support/kbdoc/en-us/000194797/dsa-2021-302-dell-connectrix-mds-dcnm-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Connectrix B-Series SANnav + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.1.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 2/28/2022. + references: + - '[DSA-2021-266](https://www.dell.com/support/kbdoc/en-us/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Connextrix B Series + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: CyberSecIQ Application + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: CyberSense for PowerProtect Cyber Recovery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Data Domain OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Versions from 7.3.0.5 to 7.7.0.6 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-274 + references: + - '[DSA-2021-274](https://www.dell.com/support/kbdoc/en-us/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell BSAFE Crypto-C Micro Edition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell BSAFE Crypto-J + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell BSAFE Micro Edition Suite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Calibration Assistant + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Cinema Color + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Cloud Command Repository Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Cloud Management Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Color Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Command Configure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Command Integration Suite for System Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Command Intel vPro Out of Band + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Command Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Command Power Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Command PowerShell Provider + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Command Update + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Customer Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Data Guardian* + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Data Protection* + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Data Recovery Environment + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Data Vault + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Data Vault for Chrome OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Deployment Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Digital Delivery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Direct USB Key + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Display Manager 1.5 for Windows / macOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Display Manager 2.0 for Windows / macOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC AppSync + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Avamar + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '18.2' + - '19.1' + - '19.2' + - '19.3' + - '19.4' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/20/21. + references: + - '[DSA-2021-277](https://www.dell.com/support/kbdoc/en-us/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC BSN Controller Node + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-305 + references: + - '[DSA-2021-305](https://www.dell.com/support/kbdoc/en-us/000194631/dsa-2021-305-dell-emc-bsn-controller-node-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Cloud Disaster Recovery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Versions from 19.6 and later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch pending + references: + - '[DSA-2021-289](https://www.dell.com/support/kbdoc/en-us/000194663/dsa-2021-289-dell-emc-cloud-disaster-recovery-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Cloudboost + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC CloudLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Container Storage Modules + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Data Computing Appliance (DCA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Data Protection Advisor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 18.x (or earlier) -standalone DPA is EOSL + - 18.2.x (IDPA) + - 19.1.x + - 19.2.x + - 19.3.x + - 19.4.x + - 19.5.x + - 19.6.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '[DSA-2021-309](https://www.dell.com/support/kbdoc/en-us/000194651/dsa-2021-309-dell-emc-dpa-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Data Protection Central + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 18.2.x-19.4.x + - 19.5.0-19.5.0.7 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-269 + references: + - '[DSA-2021-269](https://www.dell.com/support/kbdoc/en-us/000194557/dsa-2021-269-dell-emc-data-protection-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Data Protection Search + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Versions before 19.6 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-279 + references: + - '[DSA-2021-279](https://www.dell.com/support/kbdoc/en-us/000194629/dsa-2021-279-dell-emc-data-protection-search-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC DataIQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Disk Library for Mainframe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Enterprise Storage Analytics for vRealize Operations + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <6.0.0 + - 6.1.0 + - 6.2.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-278 + references: + - '[DSA-2021-278](https://www.dell.com/support/kbdoc/en-us/000194488/dsa-2021-278)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC GeoDrive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Integrated System for Azure Stack HCI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Dell EMC Integrated System for Azure Stack HCI is not impacted by this + advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect + Gateway (SCG) were optionally installed with Dell EMC Integrated System for + Azure Stack HCI monitor the following advisories. See DSA-2021-307. + references: + - '[DSA-2021-307](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Integrated System for Microsoft Azure Stack Hub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 2022-01-31. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Isilon InsightIQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC License Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Metro Node + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Versions before 7.0.1 P2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-308 + references: + - '[DSA-2021-308](https://www.dell.com/support/kbdoc/en-us/000194630/dsa-2021)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC NetWorker + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 19.4.x + - 19.5.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/20/21 + references: + - '[DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC NetWorker VE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 19.4.x + - 19.5.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/20/21 + references: + - '[DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Networking Onie + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Networking Virtual Edge Platform with VersaOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC OpenManage Ansible Modules + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC OpenManage Enterprise Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Version 1.2 and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/20/21 + references: + - '[DSA-2021-276](https://www.dell.com/support/kbdoc/en-us/000194652/dsa-2021-276-dell-emc-openmanage-enterprise-services-security-update-for-apache-log4j-remote-code-execution-vulnerabilities-cve-2021-44228-cve-2021-45046)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC OpenManage integration for Splunk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC OpenManage Integration for VMware vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC OpenManage Management pack for vRealize Operations + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge + Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerFlex Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-293. + references: + - '[DSA-2021-293](https://www.dell.com/support/kbdoc/en-us/000194579/dsa-2021-293-dell-powerflex-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerFlex Rack + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - RCM 3.3 train - all versions up to 3.3.11.0 + - RCM 3.4 train - all versions up to 3.4.6.0 + - RCM 3.5 train - all versions up to 3.5.6.0 + - RCM 3.6 train - all versions up to 3.6.2.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-292. + references: + - '[DSA-2021-292](https://www.dell.com/support/kbdoc/en-us/000194578/dsa-2021-292-dell-powerflex-rack-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerFlex Software (SDS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '3.5' + - 3.5.1 + - 3.5.1.1 + - 3.5.1.2 + - 3.5.1.3 + - 3.5.1.4 + - '3.6' + - 3.6.0.1 + - 3.6.0.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-272. + references: + - '[DSA-2021-272](https://www.dell.com/support/kbdoc/en-us/000194548/dsa-2021-272-dell-powerflex-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerPath + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerPath Management Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerProtect Cyber Recovery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerProtect Data Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All versions 19.9 and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-286. + references: + - '[DSA-2021-286](https://www.dell.com/support/kbdoc/en-us/000194549/dsa-2021-286-dell-emc-power-protect-data-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerProtect DP Series Appliance (iDPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.7.0 and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA 2021-285. + references: + - '[DSA-2021-285](https://www.dell.com/support/kbdoc/en-us/000194532/dsa-2021-285-dell-emc-integrated-data-protection-appliance-powerprotect-dp-series-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerScale OneFS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerShell for PowerMax + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerShell for Powerstore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerShell for Unity + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerStore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Versions before 2.0.1.3-1538564 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-295. + references: + - '[DSA-2021-295](https://www.dell.com/support/kbdoc/en-us/000194739/dsa-2021-295-dell-emc-powerstore-family-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerSwitch Z9264F-ON BMC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerSwitch Z9432F-ON BMC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerVault ME4 Series Storage Arrays + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC RecoverPoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA 2021-284. + references: + - '[DSA 2021-284](https://www.dell.com/support/kbdoc/en-us/000194531/dsa-2021-284-dell-emc-recoverpoint-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Repository Manager (DRM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Ruckus SmartZone 100 Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-303 + references: + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Ruckus SmartZone 300 Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-303 + references: + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Ruckus Virtual Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-303 + references: + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC SourceOne + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC SRM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Versions before 4.6.0.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-301. + references: + - '[DSA-2021-301](https://www.dell.com/support/kbdoc/en-us/000194613/dsa-2021-301)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Streaming Data Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '1.1' + - '1.2' + - 1.2 HF1 + - '1.3' + - 1.3.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-297. + references: + - '[DSA-2021-297](https://www.dell.com/support/kbdoc/en-us/000194627/dsa-2021-297-dell-emc-streaming-data-platform-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Systems Update (DSU) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Unisphere 360 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Unity + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-294. + references: + - '[DSA-2021-294](https://www.dell.com/support/kbdoc/en-us/000194826/dsa-2021-294-dell-emc-unity-dell-emc-unityvsa-and-dell-emc-unity-xt-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Virtual Storage Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC VPLEX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC vProtect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 19.5-19.9 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2022-007. + references: + - '[DSA-2022-007](https://www.dell.com/support/kbdoc/en-us/000195003/title-dsa-2022-007-dell-emc-vprotect-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC VxRail + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 4.5.x + - 4.7.x + - 7.0.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-265. + references: + - '[DSA-2021-265](https://www.dell.com/support/kbdoc/en-us/000194466/dsa-2021-265-dell-emc-vxrail-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC XC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-311. + references: + - '[DSA-2021-311](https://www.dell.com/support/kbdoc/en-us/000194822/dsa-2021-311-dell-emc-xc-series-and-core-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC XtremIO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Encryption Enterprise* + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Encryption Personal* + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Endpoint Security Suite Enterprise* + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Hybrid Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell ImageAssist + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Insights Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Linux Assistant + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Memory Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Mobile Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Monitor ISP (Windows/Mac/Linux) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Monitor SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Networking X-Series + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Change Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Versions before 3.8.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-275 + references: + - '[DSA-2021-275](https://www.dell.com/support/kbdoc/en-us/000194638/dsa-2021-275-dell-emc-openmanage-enterprise-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Enterprise CloudIQ plugin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Enterprise Modular + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Versions before 1.40.10 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-268 + references: + - '[DSA-2021-268](https://www.dell.com/support/kbdoc/en-us/000194625/dsa-2021-268-dell-emc-openmanage-enterprise-modular-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Enterprise Power Manager plugin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Mobile + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Server Administrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Optimizer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OS Recovery Tool + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Peripheral Manager 1.4 / 1.5 for Windows + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Platform Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Power Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Power Manager Lite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Precision Optimizer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Precision Optimizer for Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Premier Color + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Recovery (Linux) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Remediation Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Remote Execution Engine (DRONE) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Security Advisory Update - DSA-2021-088 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Security Management Server & Dell Security Management Server Virtual* + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell SupportAssist SOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Thin OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Threat Defense + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell True Color + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Trusted Device + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Update + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dream Catcher + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: DUP Creation Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: DUP Framework (ISG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: ECS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.3.x + - 3.4.x + - 3.5.x + - 3.6.0.x + - 3.6.1.x + - 3.6.2.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-273. + references: + - '[DSA-2021-273](https://www.dell.com/support/kbdoc/en-us/000194612/dsa-2021-273-dell-emc-ecs-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Embedded NAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Embedded Service Enabler + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Enterprise Hybrid Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-270. + references: + - '[DSA-2021-270](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Equallogic PS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Fluid FS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: iDRAC Service Module (iSM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Infinity MLK (firmware) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Integrated Dell Remote Access Controller (iDRAC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: ISG Accelerators + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: ISG Board & Electrical + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: ISG Drive & Storage Media + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: IsilonSD Management Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: IVE-WinDiag + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Mainframe Enablers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: MDS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: My Dell + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: MyDell Mobile + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: NetWorker Management Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking BIOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking DIAG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking N-Series + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking OS 10 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking OS 9 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking SD-WAN Edge SD-WAN + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking W-Series + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking X-Series + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OMIMSSC (OpenManage Integration for Microsoft System Center) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OMNIA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Connections - Nagios + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Connections - ServiceNow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Integration for Microsoft System Center for System Center + Operations Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Integration with Microsoft Windows Admin Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Network Integration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Power Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerConnect N3200 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerConnect PC2800 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerConnect PC8100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge Accelerator Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge BIOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge Networking Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge Operating Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge RAID Controller Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerTools Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PPDM Kubernetes cProxy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PPDM VMware vProxy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Redtail + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Remotely Anywhere + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Riptide (firmware) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Rugged Control Center (RCC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SD ROM Utility + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SDNAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Secure Connect Gateway (SCG) Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-282 + references: + - '[]' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Secure Connect Gateway (SCG) Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.00.00, 5.00.05, and 4.0.06 and earlier versions (OVF and VHD) + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-282 + references: + - '[DSA-2021-282](https://www.dell.com/support/kbdoc/en-us/000194624/dsa-2021-282-dell-emc-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Secure Connect Gateway (SCG) Policy Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.00.00.10 + - 5.00.05.10 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-281 + references: + - '[DSA-2021-281](https://www.dell.com/support/kbdoc/en-us/000194539/dsa-2021-281-dell-emc-policy-manager-for-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Server Storage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Smart Fabric Storage Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SmartByte + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SMI-S + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Software RAID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Solutions Enabler + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Solutions Enabler vApp + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Sonic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SRS Policy Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-287. + references: + - '[DSA-2021-287](https://www.dell.com/support/kbdoc/en-us/000194544/dsa-2021-287-dell-emc-srs-policy-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SRS VE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Storage Center - Dell Storage Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 16.x + - 17.x + - 18.x + - 19.x + - 20.1.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-310. + references: + - '[DSA-2021-310](https://www.dell.com/support/kbdoc/en-us/000194790/dsa-2021-310-storage-center-dell-storage-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Storage Center OS and additional SC applications unless otherwise noted + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SupportAssist Client Commercial + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SupportAssist Client Consumer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SupportAssist Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.0.70 and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-283. + references: + - '[DSA-2021-283](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: UCC Edge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Unisphere Central + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Versions before 4.0 SP 9.2 (4.0.9.1541235) + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-296. + references: + - '[DSA-2021-296](https://www.dell.com/support/kbdoc/en-us/000194874/dsa-2021-296-dell-emc-unisphere-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Unisphere for PowerMax + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Unisphere for PowerMax vApp + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Unisphere for VMAX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Unisphere for VNX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Update Manager Plugin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Vblock + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch pending See vce6771 (requires customer login). This advisory is available + to customer only and has not been reviewed by CISA. + references: + - '[vce6771](https://support-dellemc-com.secure.force.com/)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: ViPR Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VMware vRealize Automation 8.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 8.2 8.3 8.4 8.5 and 8.6 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/19/21 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VMware vRealize Orchestrator 8.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 8.2 8.3 8.4 8.5 and 8.6 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/19/21 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNX Control Station + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNX1 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNX2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNXe 1600 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Versions 3.1.16.10220572 and earlier + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-299 + references: + - '[DSA-2021-299](https://www.dell.com/support/kbdoc/en-us/000194605/dsa-2021-299-dell-emc-vnxe1600-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNXe 3200 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Version 3.1.15.10216415 and earlier + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-298 + references: + - '[DSA-2021-298](https://www.dell.com/support/kbdoc/en-us/000194606/dsa-2021-298-dell-emc-vnxe3200-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VPLEX VS2/VS6 / VPLEX Witness + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRealize Data Protection Extension Data Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-290. + references: + - '[DSA-2021-290](https://www.dell.com/support/kbdoc/en-us/000194614/dsa-2021-290-dell-emc-vrealize-data-protection-extension-for-vrealize-automation-vra-8-x-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300. + references: + - '[DSA-2021-300](https://www.dell.com/support/kbdoc/en-us/000194610/dsa-2021-300)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC PowerMax + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Version 1.2.3 or earlier + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC PowerScale + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Version 1.1.0 or earlier + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC PowerStore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Version 1.1.4 or earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC Unity + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Version 1.0.6 or earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC XtremIO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Version 4.1.2 or earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Vsan Ready Nodes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VxBlock + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch pending See vce6771 (requires customer login). This advisory is available + to customer only and has not been reviewed by CISA. + references: + - '[vce6771](https://support-dellemc-com.secure.force.com/)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Warnado MLK (firmware) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Wyse Management Suite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 3.5 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-267 + references: + - '[DSA-2021-267](https://www.dell.com/support/kbdoc/en-us/000194459/dsa-2021-267-dell-wyse-management-suite-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Wyse Proprietary OS (ThinOS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Wyse Windows Embedded Suite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Deltares + product: Delft-FEWS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>2018.02' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://publicwiki.deltares.nl/display/FEWSDOC/Delft-FEWS+and+Log4J+vulnerability + notes: Mitigations Only + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Denequa + product: All cves: cve-2021-4104: investigated: false @@ -25107,9 +33761,26394 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Device42 - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Device42 + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.device42.com/2021/12/13/log4j-zero-day/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Devolutions + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Diebold Nixdorf + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dieboldnixdorf.com/en-us/apache + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Digi International + product: AnywhereUSB Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: ARMT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Aview + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: AVWOB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: CTEK G6200 family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: CTEK SkyCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: CTEK Z45 family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi 54xx family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi 63xx family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi AnywhereUSB (G2) family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi AnywhereUSB Plus family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect EZ family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect IT family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect Sensor family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect WS family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi ConnectPort family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi ConnectPort LTS family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Embedded Android + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Embedded Yocto + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi EX routers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi IX routers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi LR54 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Navigator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi One family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Passport family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi PortServer TS family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Remote Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi TX routers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR11 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR21 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR31 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR44R/RR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR54 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR64 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Xbee mobile app + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Lighthouse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Realport + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Remote Hub Config Utility + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digicert + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.digicert.com/alerts/digicert-log4j-response.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Digital AI + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Digital Alert Systems + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digitalalertsystems.com/default-2.htm + notes: Formerly Monroe Electronics, Inc. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: DirectAdmin + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.directadmin.com/threads/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare.65173/#post-339723 + notes: Invidivual plugins not developed as part of DirectAdmin core may be vulnerable. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: DNSFilter + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Docker + product: Infrastructure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ + notes: Docker infrastructure not vulnerable, Docker images could be vulnerable. + For more info see source. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Docusign + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DotCMS + product: Hybrid Content Management System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/dotCMS/core/issues/21393 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DrayTek + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dropwizard + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/dropwizardio/status/1469285337524580359 + notes: Only vulnerable if you manually added Log4j. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dräger + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://static.draeger.com/security + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: DSpace + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dynatrace + product: ActiveGate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Cloud Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Extensions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: FedRamp SAAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Managed cluster nodes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: OneAgent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: SAAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Synthetic Private ActiveGate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Synthetic public locations + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: EasyRedmine + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Eaton + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf + notes: For security purposes direct notifications are being made to impacted customers. Please + stay tuned for more updates. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: EclecticIQ + product: TIP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 2.11 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2 + notes: This advisory is available to customer only and has not been reviewed by + CISA. The Threat Intel Platform includes Neo4j 3.5.12 (not vulnerable) and Elasticsearch + and Logstash OSS 7.9.1 (vulnerable) see Elasticsearch below for mitigation. + See link in their own fix for Logstash (Support account needed, ongoing investigation) + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Eclipse Foundation + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228) + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Edwards + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.edwards.com/devices/support/product-security + notes: '' + references: + - '' + last_updated: '2022-01-06T00:00:00' + - vendor: EFI + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: eG Innovations + product: eG Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 7.1.8 - 7.1.9 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.eginnovations.com/brochures/eGEnterprise-and-Log4jShell-Vulnerability.pdf + notes: '' + references: + - '' + last_updated: '2022-01-06T00:00:00' + - vendor: EGroupware + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Elastic + product: APM Java Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.17.0 - 1.28.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: Only vulnerable with specific configuration. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: APM Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Beats + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Cmd + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Cloud Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Cloud on Kubernetes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Endgame + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Maps Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elasticsearch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 7.16.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Endpoint Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Enterprise Search + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Fleet Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Kibana + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Logstash + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 6.8.22 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Machine Learning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Swiftype + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ellucian + product: Admin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Banner Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Banner Document Management (includes Banner Document Retention) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Banner Event Publisher + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Banner Integration for eLearning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Banner Integration for eProcurement + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Banner Self Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Banner Workflow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Colleague + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: On-prem and cloud deployements expect fixed 12/18/2021 + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Colleague Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: CRM Advance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: CRM Advise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: CRM Recruit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Advance Web Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Data Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Design Path + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian ePrint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Ethos API & API Management Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Ethos Extend + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Ethos Integration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian eTranscripts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Intelligent Platform (ILP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian International Student and Scholar Management (ISSM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Message Service (EMS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Messaging Adapter (EMA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Mobile + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Payment Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian PowerCampus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Solution Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Workflow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Enterprise Identity Services (BEIS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 148 Temperature Transmitter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 2051 Pressure Transmitter Family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 2088 Pressure Transmitter Family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 2090F/2090P Pressure Transmitters + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 215 Pressure Sensor Module + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 248 Configuration Application + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 248 Temperature Transmitter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 3051 & 3051S Pressure transmitter families + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 3144P Temperature Transmitter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 326P Pressure Transmitter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 326T Temperature Transmitter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 327T Temperature Transmitter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 4088 Pressure Transmitter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 4088 Upgrade Utility + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 4600 Pressure Transmitter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 4732 Endeavor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 550 PT Pressure Transmitter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 5726 Transmitter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 644 Temperature Transmitter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 648 Temperature Transmitter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 848T Temperature Transmitter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Combustion - OCX OXT 6888 CX1100 6888Xi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT2211 QCL Aerosol Microleak Detection System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT3000 QCL Automotive OEM Gas Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT4000 QCL Marine OEM Gas Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT4215 QCL Packaging Leak Detection System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT4400 QCL General Purpose Continuous Gas Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT4404 QCL pMDI Leak Detection Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT5100 QCL Field Housing Continuous Gas Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT5400 QCL General Purpose Continuous Gas Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: DHNC1 DHNC2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: DHNC1 DHNC2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Emerson Aperio software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Engineering Assistant + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 5.x + - 6.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Fieldwatch and Service consoles + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Fieldwatch and Service consoles + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Flame Detection - 975UF & 975UR Infrared Flame Detectors 975HR Infrared + Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Flarecheck FlowCheck Flowel & PWAM software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Flarecheck FlowCheck Flowel & PWAM software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Gas Analysis - X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Gas Chromatographs - M500/2350A MON2000 700XA/1500XA 370XA MON2020 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Gas Detection - Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Incus Ultrasonic gas leak detector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: K-Series Coriolis Transmitters + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Liquid Transmitters - 5081 1066 1056 1057 56' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Mark III Gas and Liquid USM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: MPFM2600 & MPFM5726 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Plantweb Advisor for Metrology and Metering Suite SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Prolink Configuration Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Prolink Mobile Application & ProcessViz Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 2230 Graphical Field Display + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 2240S Multi-input Temperature Transmitter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 2410 Tank Hub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 2460 System Hub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 3490 Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount CMS/IOU 61 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount CMS/SCU 51/SCC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount CMS/WSU 51/SWF 51 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount IO-Link Assistant + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Level Detectors (21xx) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Radar Configuration Tool + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Radar Level Gauges (Pro 39xx 59xx) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount RadarMaster + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount RadarMaster Plus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Tank Radar Gauges (TGUxx) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount TankMaster + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount TankMaster Mobile + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Spectrex family Flame Detectors and Rosemount 975 flame detector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: USM 3410 and 3810 Series Ultrasonic Transmitters + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: USM 3410 and 3810 Series Ultrasonic Transmitters + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Vortex and Magmeter Transmitters + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: WCM SWGM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Enfocus + product: BoardingPass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: PDF Review Module + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: PitStop + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enovation + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://enovationgroup.com/nl/nieuws/log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: EnterpriseDT + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ESET + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ESET + product: Secure Authentication + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ESRI + product: ArcGIS Data Store + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS GeoEvent Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS Workflow Manager Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: Portal for ArcGIS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Estos + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: EVL Labs + product: JGAAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <8.0.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/evllabs/JGAAP/releases/tag/v8.0.2 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Evolveum Midpoint + product: Midpoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://evolveum.com/midpoint-not-vulnerable-to-log4shell/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ewon + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42 + notes: '' + references: + - '' + last_updated: '2022-02-02T07:18:50+00:00' + - vendor: Ewon + product: eCatcher + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 6.7.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42 + notes: '' + references: + - '' + last_updated: '2022-02-02T07:18:50+00:00' + - vendor: Exabeam + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.exabeam.com/s/discussions?t=1639379479381 + notes: This advisory is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: AEC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Audition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: BoekhoudGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Bouw7 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Business Suite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: CommunicatieGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Consolidation powered by LucaNet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Digipoort + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: DigitaleFactuur + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Dimoni + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: EDI Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: FDS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Financials + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: FiscaalGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Globe Core Product + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Globe E-report/Crystal Reports + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Go2UBL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Gripp + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: HR & SalarisGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Insights (Qlik) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Officient + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Online All core products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Online Elastic Search + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Online Samenwerken (OSW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Payroll Plus (Loket) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: ProAcc + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: ProQuro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: RapportageGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Reeleezee + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: ScanSys + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: SRXP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Synergy Core Product + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Synergy Elastic Search + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 6.6.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: WerkprogrammaGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Winbooks + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: WMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exivity + product: On-Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extensis + product: Universal Type Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=7.0.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.extensis.com/hc/en-us/articles/4412767414299-Universal-Type-Server-7-and-Log4j-vulnerabilities + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ExtraHop + product: Reveal(x) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <=8.4.6 + - <=8.5.3 + - <=8.6.4 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148 + notes: Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: eXtreme Hosting + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremehosting.nl/log4shell-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: 200-series + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: BOSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: EXOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme AirDefense + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Campus Controller (Extreme Cloud Appliance) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Fabric Automation (EFA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Management Center (XMC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Visibility Manager (XVM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeAnalytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeCloud A3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeCloud IQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeConnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeControl + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeGuest + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeLocation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeWireless (IdentiFi) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Fabric Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Guest and IoT Manager (GIM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: HiveManager Classic On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: HiveManager Classic Online + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Ipanema Ip | Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Ipanema SALSA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 9.3.8 + - 9.4.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Ipanema SD-WAN Orchestrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: IQEngine (HiveOS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: IQVA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 21.1.22.1-IQVA + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: NetIron OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Network OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: NSight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: SLX-OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Traffic Sensor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: VGVA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: VOSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: WiNG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extron + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.extron.com/featured/Security-at-Extron/extron-security + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F-Secure + product: Elements Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F-Secure + product: Endpoint Proxy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 13 through 15 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.f-secure.com/incidents/sk8vmr0h34pd + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F-Secure + product: Messaging Security Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F-Secure + product: Policy Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 13 through 15 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.f-secure.com/incidents/sk8vmr0h34pd + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F-Secure + product: Policy Manager Proxy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 13 through 15 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.f-secure.com/incidents/sk8vmr0h34pd + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: BIG-IP (all modules) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 11.x - 16.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.f5.com/csp/article/K19026212 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: BIG-IQ Centralized Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 7.x - 8.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.f5.com/csp/article/K19026212 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: F5OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 1.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.f5.com/csp/article/K19026212 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX App Protect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 3.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.f5.com/csp/article/K19026212 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 3.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.f5.com/csp/article/K19026212 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Ingress Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 1.x - 2.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.f5.com/csp/article/K19026212 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Instance Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 1.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.f5.com/csp/article/K19026212 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Open Source + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 1.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.f5.com/csp/article/K19026212 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Plus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - R19 - R25 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.f5.com/csp/article/K19026212 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Service Mesh + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 1.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.f5.com/csp/article/K19026212 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Unit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 1.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.f5.com/csp/article/K19026212 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: Traffix SDC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.x + - 5.2.0 CF1 + - 5.1.0 CF-30 - 5.1.0 CF-33 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.f5.com/csp/article/K19026212 + notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + + Kibana), Element Management System' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FAST LTA + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.fast-lta.de/en/log4j2-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fastly + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FedEx + product: Ship Manager Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: + - 340x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 + notes: Note - FedEx is aware of the issue related to the Log4j Remote Code Execution + vulnerability affecting various Apache products. We are actively assessing the + situation and taking necessary action as appropriate. As a result, we are temporarily + unable to provide a link to download the FedEx Ship Manager software or generate + product keys needed for registration of FedEx Ship Manager software. We are + working to have this resolved as quickly as possible and apologize for the inconvenience. + For related questions or the most updated information, customers should check + FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: FedEx + product: Ship Manager Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: + - '3509' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 + notes: Note - FedEx is aware of the issue related to the Log4j Remote Code Execution + vulnerability affecting various Apache products. We are actively assessing the + situation and taking necessary action as appropriate. As a result, we are temporarily + unable to provide a link to download the FedEx Ship Manager software or generate + product keys needed for registration of FedEx Ship Manager software. We are + working to have this resolved as quickly as possible and apologize for the inconvenience. + For related questions or the most updated information, customers should check + FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Fiix + product: Fiix CMMS Core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v5 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: The product has been updated to Log4j version 2.15. An additional patch + is being developed to update to 2.16. No user interaction is required. This + advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: FileCap + product: Plugins + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileCap + product: Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.1.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileCatalyst + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileCloud + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileWave + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileZilla + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.filezilla-project.org/viewtopic.php?f=6&t=54338 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FINVI + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://finvi.com/support/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FireDaemon + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.firedaemon.com/support/solutions/articles/4000178630 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fisher & Paykel Healthcare + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fphcare.com/us/our-company/contact-us/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Flexagon + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Flexera + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Advanced Malware Detection + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Behavioral Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Bitglass SSE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: CASB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Cloud Security Gateway (CSG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Content Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: DDP/DUP/DPS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Directory Synchronization + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: DLP Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Email Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Insider Threat + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Next Generation Firewall (NGFW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: NGFW Security Management Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: NGFW Virtual SMC Appliances + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: NGFW VPN Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: One Endpoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Security Manager (Web, Email and DLP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Sidewinder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: User ID service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Web Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forescout + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ForgeRock + product: Autonomous Identity + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa + notes: All other ForgeRock products not affected. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: Autonomous Identity + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiADC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAIOps + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.0.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAnalyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAnalyzer Big Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 6.4.7 + - 7.0.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAnalyzer Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAuthenticator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiCache + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiCarrier + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiCASB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiClient + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiClient Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiClient EMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiConnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiConverter Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiCWP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDDoS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDDoS-F + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDeceptor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiEDR Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiEDR Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiExtender Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiGate Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiGSLB Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiInsight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiIsolator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.3.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiLAN Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiMail + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiMonitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiNAC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiOS (includes FortiGate & FortiWiFi) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPenTest + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPhish Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPolicy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPortal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPresence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiProxy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiRecorder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSandbox + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSASE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSIEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSOAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSwitch & FortiSwitchManager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSwitch Cloud in FortiLANCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiTester + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiToken Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiVoice + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWeb Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWLC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: ShieldX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FTAPI + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 3 + - Version 4 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 5 + - Version 6 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fujitsu + product: AIS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: Bean Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BS2000 Hardware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BS2000 Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BX400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BX900 MMB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: eLux RP on FUTRO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS AB/HB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS CS800 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS CS8000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS DX/AF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS JX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS LT140/260 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS LT20/40/60 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS SF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS SF MA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: FlexFrame + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: INTELLIEGDLE A/G + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: iRMC on PRIMERGY + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ISM for PRIMERGY, PQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: NECoP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openFT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openSEAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openUTM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openUTM (WebAdm.) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: PRIMEFLEX for MS S2D + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: PTC Axeda (AIS Con.) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SBAX2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SBAX3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SecDocs + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView IM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView OM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView OM/UM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView RAID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView Rem. Con. + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView VIOM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SOA Pro. Mgmt. Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SOA SysRollout Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS Services for ISM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS UME + LinuxLife + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS VMware Op. Mgr. + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS VMware vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: Web Transactions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FusionAuth + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '1.32' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GE Digital + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories + notes: This advisory is available to customers only and has not been reviewed + by CISA. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Digital Grid + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585 + notes: This advisory is available to customers only and has not been reviewed + by CISA. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Asset Performance Management (APM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed + in development environment and the team is currently deploying the fixes in + the production environment. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power is still validating the workaround provided by FoxGuard in + Technical Information Notice – M1221-S01. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) 2.0 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that + is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded + from link in reference section. This update is available to customer only and + has not been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Control Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Please see vCenter. Control Server is not directly impacted. It is impacted + through vCenter. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: MyFleet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Planning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Tag Mapping Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the update provided by Vmware. The + update and instructions can be downloaded from link in reference section. This + update is available to customer only and has not been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Healthcare + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securityupdate.gehealthcare.com + notes: This advisory is not available at the time of this review, due to maintence + on the GE Healthcare website. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Gearset + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Genesys + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoServer + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoNetwork + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: Gerrit Code Review + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: Kerio Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghidra + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghisler + product: Total Commander + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ghisler.com/whatsnew.htm + notes: Third Party plugins might contain log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gigamon + product: Fabric Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <5.13.01.02 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.gigamon.com/gigamoncp/s/my-gigamon + notes: Updates available via the Gigamon Support Portal. This advisory available + to customers only and has not been reviewed by CISA. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: GitHub + product: GitHub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - GitHub.com and GitHub Enterprise Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: GitHub + product: GitHub Enterprise Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.0.22 + - 3.1.14 + - 3.2.6 + - 3.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: GitLab + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: DAST Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Dependency Scanning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Gemnasium-Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: PMD OSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: SAST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Spotbugs + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Globus + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GoAnywhere + product: Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Version 2.7.0 or later + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: MFT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Version 5.3.0 or later + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: MFT Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 1.4.2 or later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Open PGP Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Suveyor/400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoCD + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.gocd.org/2021/12/14/log4j-vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:52+00:00' + - vendor: Google + product: Chrome + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html + notes: Chrome Browser releases, infrastructure and admin console are not using + versions of Log4j affected by the vulnerability. + references: + - '' + last_updated: '2022-01-14' + - vendor: Google Cloud + product: Access Transparency + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Actifio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and + has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) + for the full statement and to obtain the hotfix (available to Actifio customers + only). + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AI Platform Data Labeling + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AI Platform Neural Architecture Search (NAS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AI Platform Training and Prediction + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Anthos environments to identify components dependent on Log4j 2 and update them + to the latest version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos Config Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos Hub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos Identity Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos on VMWare + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check + VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds + to their VMware products as they become available. We also recommend customers + review their respective applications and workloads affected by the same vulnerabilities + and apply appropriate patches. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos Premium Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos Service Mesh + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Apigee + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not + used and therefore the VMs were not impacted by the issues in CVE-2021-44228 + and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. + It is possible that customers may have introduced custom resources that are + using vulnerable versions of Log4j. We strongly encourage customers who manage + Apigee environments to identify components dependent on Log4j and update them + to the latest version. Visit the Apigee Incident Report for more information. + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Google Cloud + product: App Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + App Engine environments to identify components dependent on Log4j 2 and update + them to the latest version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AppSheet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At + this time, we have identified no impact to core AppSheet functionality. Additionally, + we have patched one Java-based auxiliary service in our platform. We will continue + to monitor for affected services and patch or remediate as required. If you + have any questions or require assistance, contact AppSheet Support. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Artifact Registry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Assured Workloads + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AutoML + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AutoML Natural Language + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AutoML Tables + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AutoML Translation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AutoML Video + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AutoML Vision + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: BigQuery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: BigQuery Data Transfer Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: BigQuery Omni + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: BigQuery Omni, which runs on AWS and Azure infrastructure, does not use + Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. + We continue to work with AWS and Azure to assess the situation. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Binary Authorization + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Certificate Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Chronicle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Asset Inventory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Bigtable + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Cloud Build + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Build environments to identify components dependent on Log4j 2 and update + them to the latest version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud CDN + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Composer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and + is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible + that customers may have imported or introduced other dependencies via DAGs, + installed PyPI modules, plugins, or other services that are using vulnerable + versions of Log4j 2. We strongly encourage customers, who manage Composer environments + to identify components dependent on Log4j 2 and update them to the latest version. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Google Cloud + product: Cloud Console App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Data Loss Prevention + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Debugger + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Deployment Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud DNS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Endpoints + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud External Key Manager (EKM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Functions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Functions environments to identify components dependent on Log4j 2 and + update them to the latest version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Hardware Security Module (HSM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Interconnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Intrusion Detection System (IDS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Key Management Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Load Balancing + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Logging + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Natural Language API + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Network Address Translation (NAT) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Profiler + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Router + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Run + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Run environments to identify components dependent on Log4j 2 and update + them to the latest version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Run for Anthos + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Run for Anthos environments to identify components dependent on Log4j + 2 and update them to the latest version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Scheduler + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Shell + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Shell environments to identify components dependent on Log4j 2 and update + them to the latest version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Source Repositories + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Spanner + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Cloud SQL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Cloud Storage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Tasks + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Trace + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Traffic Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Translation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Vision + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Vision OCR On-Prem + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud VPN + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: CompilerWorks + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Compute Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Compute Engine does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, + we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes + to Google Cloud VMware Engine as they become available. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Contact Center AI (CCAI) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Contact Center AI Insights + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Container Registry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Data Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 + and CVE-2021-45046. We strongly encourage customers who introduced their own + connectors to identify dependencies on Log4j 2 and update them to the latest + version. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Data Fusion + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Data Fusion does not use Log4j 2, but uses Dataproc as one of the options + to execute pipelines. Dataproc released new images on December 18, 2021 to address + the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow + instructions in a notification sent on December 18, 2021 with the subject line + “Important information about Data Fusion.” + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Database Migration Service (DMS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Dataflow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: 'Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 + and CVE-2021-45046. If you have changed dependencies or default behavior, it + is strongly recommended you verify there is no dependency on vulnerable versions + Log4j 2. Customers have been provided details and instructions in a notification + sent on December 17, 2021 with the subject line “Update #1 to Important information + about Dataflow.”' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Google Cloud + product: Dataproc + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Dataproc released new images on December 18, 2021 to address the vulnerabilities + in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions + in notifications sent on December 18, 2021 with the subject line “Important + information about Dataproc” with Dataproc documentation. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Dataproc Metastore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Dataproc Metastore has been updated to mitigate the issues identified in + CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent + two notifications with instructions on December 17, 2021 with the subject line + “Important information regarding Log4j 2 vulnerability in your gRPC-enabled + Dataproc Metastore.” + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Datastore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Datastream + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Dialogflow Essentials (ES) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Document AI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Event Threat Detection + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Eventarc + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Filestore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Log4j 2 is contained within the Filestore service; there is a technical + control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. + Log4j 2 will be updated to the latest version as part of the scheduled rollout + in January 2022. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Firebase + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Firestore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Game Servers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Google Cloud Armor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Google Cloud Armor Managed Protection Plus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Google Cloud VMware Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: We are working with VMware and tracking VMSA-2021-0028.1. We will deploy + fixes as they become available. + references: + - '' + last_updated: '2021-12-11T00:00:00' + - vendor: Google Cloud + product: Google Kubernetes Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Google Kubernetes Engine does not use Log4j 2 and is not impacted by the + issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have + introduced a separate logging solution that uses Log4j 2. We strongly encourage + customers who manage Google Kubernetes Engine environments to identify components + dependent on Log4j 2 and update them to the latest version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Healthcare Data Engine (HDE) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Human-in-the-Loop AI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: IoT Core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Key Access Justifications (KAJ) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Looker + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Looker-hosted instances have been updated to a Looker version with Log4j v2.16. + Looker is currently working with third-party driver vendors to evaluate the + impact of the Log4j vulnerability. As Looker does not enable logging for these + drivers in Looker-hosted instances, no messages are logged. We conclude that + the vulnerability is mitigated. We continue to actively work with the vendors + to deploy a fix for these drivers. Looker customers who self-manage their Looker + instances have received instructions through their technical contacts on how + to take the necessary steps to address the vulnerability. Looker customers who + have questions or require assistance, please visit Looker Support. + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: Google Cloud + product: Media Translation API + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Memorystore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Migrate for Anthos + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Migrate for Compute Engine (M4CE) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: M4CE has been updated to mitigate the issues identified in CVE-2021-44228 + and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. + A notification was sent to customers on December 17, 2021 with subject line + “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 + or below. If you are on M4CE v5.0 or above, no action is needed. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Network Connectivity Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Network Intelligence Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Network Service Tiers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Persistent Disk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Pub/Sub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Google Cloud + product: Pub/Sub Lite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Pub/Sub Lite environments to identify components dependent on Log4j 2 and update + them to the latest version. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Google Cloud + product: reCAPTCHA Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Recommendations AI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Retail Search + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Risk Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Secret Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Security Command Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Service Directory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Service Infrastructure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Speaker ID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Speech-to-Text + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Speech-to-Text On-Prem + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Storage Transfer Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Talent Solution + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Text-to-Speech + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Transcoder API + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Transfer Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Video Intelligence API + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Virtual Private Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Web Security Scanner + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Workflows + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Gradle + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.gradle.org/log4j-vulnerability + notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gradle + product: Gradle Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 2021.3.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.gradle.com/advisory/2021-11 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gradle + product: Gradle Enterprise Build Cache Node + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 10.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.gradle.com/advisory/2021-11 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gradle + product: Gradle Enterprise Test Distribution Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.6.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.gradle.com/advisory/2021-11 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Grafana + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Grandstream + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Access Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 3.10.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Access Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 3.5.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Alert Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 1.5.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Alert Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 1.4.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: API Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 3.10.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: API Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 3.5.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Cockpit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 1.4.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravwell + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: Gravwell products do not use Java. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Graylog + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.3.15 + - 4.0.14 + - 4.1.9 + - 4.2.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.graylog.org/post/graylog-update-for-log4j + notes: The vulnerable Log4j library is used to record GrayLogs own log information. + Vulnerability is not triggered when GrayLog stores exploitation vector from + an outer system. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Graylog + product: Graylog Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All versions >= 1.2.0 and <= 4.2.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.graylog.org/post/graylog-update-for-log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GreenShot + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://greenshot.atlassian.net/browse/BUG-2871 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GSA + product: Cloud.gov + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.gov/2021/12/14/log4j-buildpack-updates/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: GuardedBox + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.1.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/GuardedBox/status/1469739834117799939 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Guidewire + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HAProxy + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.haproxy.com/blog/december-2021-log4shell-mitigation/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HarmanPro AMX + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.harmanpro.com/apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Boundary + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Consul + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Consul Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Nomad + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Nomad Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Packer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Terraform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Terraform Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Vagrant + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Vault + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Vault Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Waypoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HCL Software + product: BigFix Compliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Insights + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Insights for Vulnerability Remediation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Inventory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 10.0.7 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Lifecycle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Mobile + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Patch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: HelpSystems Clearswift + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HENIX + product: Squash TM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.21.7-1.22.9 + - 2.0.3-2.1.5 + - 2.2.0-3.0.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions + notes: '' + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Hexagon + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hikvision + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hitachi Energy + product: 3rd party - Elastic Search, Kibana + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Elasticsearch 5.0.0+ + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: Set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node + of the cluster. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: 3rd party - Oracle Database Components + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.1' + - '12.2' + - 19c + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: As this is a third-party component, a separate patch management report + will be provided to customers with the steps to apply the Oracle provided patches + for these components. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Axis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No action is required by customers. Axis is a fully SaaS hosted solution + and the environment has been patched per the recommendations + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Counterparty Settlement and Billing (CSB) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: e-Mesh Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No end-user action needed. The affected e-Mesh Monitor part is at the cloud + offering side of which the remediation is handled by Hitachi Energy team. Remediation + is currently ongoing, and during this time period, e-Mesh Monitor edge device + is not able to upload data to cloud. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: eSOMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hitachienergy.com/offering/solutions/cybersecurity/alerts-and-notifications + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hitachi Energy + product: FOXMAN-UN + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - R15A + - R14B + - R14A + - R11B SP1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. . For + details on how to apply such patch, please refer to the technical bulletin “FOXMAN-UN + - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi + Energy Customer Connect Portal. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: FOXMAN-UN + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - R11A and R10 series + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: Apply General Mitigations and upgrade to latest version. For upgrades, + please get in touch with your Hitachi Energy contacts. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Lumada APM On-premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See vendor advisory for instructions for various versions. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Lumada APM SaaS offering + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No action is required by customers. The SaaS offering has been patched + per the recommendations. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Lumada EAM / FSM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v1.7.x + - v1.8.x + - v1.9.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See Section Mitigation Strategy in vendor advisory. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: MMS Internal facing subcomponent. + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Network Manager ADMS Network Model Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 9.1.0.32-9.1.0.44 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See vendor advisory for instructions on mitigation steps. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Network Manager Outage Management Interface (CMI) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 9.0-9.10.44 + - 9.1.1 + - 10.3.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See vendor advisory for instructions on mitigation steps. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: nMarket Global I-SEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.7.15 + - 3.7.16 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: RelCare + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.0.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No action is required by customers. The RelCare SaaS hosted solution and + the on-premises have been patched per the recommendations. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: UNEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - R15A + - R14B + - R14A + - R11B SP1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. For details + on how to apply such patch, please refer to the technical bulletin “UNEM - Installation + of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer + Connect Portal. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: UNEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - R11A and R10 series + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: Apply General Mitigations and upgrade to latest version. For upgrades, + please get in touch with your Hitachi Energy contacts. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Vantara + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HMS Industrial Networks AB + product: Cosy, Flexy and Ewon CD + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: eCatcher Mobile applications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: eCatcher Windows software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: Netbiter Hardware including EC, WS, and LC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: Talk2M including M2Web + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: HOLOGIC + product: Advanced Workflow Manager (AWM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Affirm Prone Biopsy System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Brevera Breast Biopsy System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Cenova Image Analytics Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Dimensions / 3Dimensions Mammography System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Discovery Bone Densitometer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron CT Specimen Radiography System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, there is + a utility program installed that may utilize Java and Log4J. This utility program + does not run on startup and is not required for system operation. Please contact + Hologic Service for assistance in removing this program. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron Specimen Radiography Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Fluoroscan Insight Mini C-Arm + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Horizon DXA Bone Densitometer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Rosetta DC Tomosynthesis Data Converter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurView DX Workstation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurXChange Router + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Trident HD Specimen Radiography System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Unifi Workspace + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Windows Selenia Mammography System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Honeywell + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HP + product: Teradici Cloud Access Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < v113 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici EMSDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.0.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici Management Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 21.10.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP Connection Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 21.03.6 + - < 20.07.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP License Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: HPE + product: 3PAR StoreServ Arrays + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: AirWave Management Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Alletra 6000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Alletra 9k + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba Central + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba ClearPass Policy Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba ClearPass Policy Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba Instant (IAP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba Location Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba NetEdit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba PVOS Switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba SDN VAN Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba User Experience Insight (UXI) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba VIA Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: ArubaOS SD-WAN Controllers and Gateways + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: ArubaOS Wi-Fi Controllers and Gateways + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: ArubaOS-CX switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: ArubaOS-S switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: BladeSystem Onboard Administrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Brocade Network Advisor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: CloudAuth + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: CloudPhysics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Compute Cloud Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Compute operations manager- FW UPDATE SERVICE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: COS (Cray Operating System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Cray Systems Management (CSM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Custom SPP Portal [Link](https://spp.hpe.com/custom) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Data Services Cloud Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Harmony Data Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HOP public services (grafana, vault, rancher, Jenkins) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN2600B SAN Extension Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN4000B SAN Extension Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN6000B Fibre Channel Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN6500B Fibre Channel Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN6600B Fibre Channel Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN6650B Fibre Channel Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN6700B Fibre Channel Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Customer Experience Assurance (CEA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Home Location Register (HLR/I-HLR) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Infosight for Servers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Integrated Home Subscriber Server (I-HSS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Intelligent Messaging (IM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Intelligent Network Server (INS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Multimedia Services Environment (MSE) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Convergent Communications Platform (OCCP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Media Platform Media Resource Function (OCMP-MRF) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Service Access Controller (OC SAC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Service Controller (OCSC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Universal Signaling Platform (OC-USP-M) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OneView + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE OneView for VMware vRealize Operations (vROps) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE OneView Global Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Performance Cluster Manager (HPCM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Performance Manager (PM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Position Determination Entity (PDE) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Secure Identity Broker (SIB) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Activator (SA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Governance Framework (SGF) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Orchestration Manager (SOM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Provisioner (SP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Short Message Point-to-Point Gateway (SMPP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Slingshot + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Smart Interaction Server (SIS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE SN3000B Fibre Channel Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8000B 4-Slot SAN Director Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8000B 8-Slot SAN Backbone Director Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8600B 4-Slot SAN Director Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8600B 8-Slot SAN Director Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8700B 4-Slot Director Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8700B 8-Slot Director Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Subscriber, Network, and Application Policy (SNAP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Subscription Manager (SM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Synergy Image Streamer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Systems Insight Manager (SIM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Telecom Application Server (TAS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified Correlation and Automation (UCA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified Mediation Bus (UMB) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified OSS Console (UOC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified Topology Manager (UTM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Universal Identity Repository (VIR) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Universal SLA Manager (uSLAM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Virtual Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Virtual Connect Enterprise Manager (VCEM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Virtual Provisioning Gateway (vPGW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Virtual Server Environment (VSE) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Virtual Subscriber Data Management (vSDM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE WebRTC Gateway Controller (WGW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Wi-Fi Authentication Gateway (WauG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Insight Cluster Management Utility (CMU) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrated Lights-Out (iLO) Amplifier Pack + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrated Lights-Out 4 (iLO 4) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '4' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrated Lights-Out 5 (iLO 5) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity BL860c, BL870c, BL890c + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity Rx2800/Rx2900 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity Superdome 2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity Superdome X + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Intelligent Provisioning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: iSUT integrated smart update tool + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Maven Artifacts (Atlas) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: MSA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: NetEdit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Nimble Storage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: NS-T0634-OSM CONSOLE TOOLS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: NS-T0977-SCHEMA VALIDATOR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: OfficeConnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Primera Storage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: RepoServer part of OPA (on Premises aggregator) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Resource Aggregator for Open Distributed Infrastructure Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: RESTful Interface Tool (iLOREST) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SAT (System Admin Toolkit) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI MC990 X Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 2000 Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 300, 300H, 300RL, 30EX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 3000 Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SN8700B 8-Slot Director Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEasy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver CVTL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver LTO Tape Drives + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver MSL Tape Libraries + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreOnce + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SUM (Smart Update Manager) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex 280 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: UAN (User Access Node) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE/Micro Focus + product: Data Protector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '9.09' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://portal.microfocus.com/s/article/KM000003243 + notes: '' + references: + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-17T00:00:00' + - vendor: Huawei + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hubspot + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: I-Net software + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: I2P + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBA-AG + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.iba-ag.com/en/security + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ibexa + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developers.ibexa.co/security-advisories/cve-2021-44228-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: Analytics Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: App Configuration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: App Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: App ID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Application Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Aspera + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Aspera Endpoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Aspera Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Aspera fasp.io + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Bare Metal Servers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: BigFix Compliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: BigFix Inventory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - VM Manager Tool & SAP Tool + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: To verify if your instance is affected, go to the lib subdirectory of the + tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version + of log4j is included. Version is included in the name of the library. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: Block Storage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Block Storage for VPC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Block Storage Snapshots for VPC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Case Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Certificate Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Client VPN for VPC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Cloud Activity Tracker + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Cloud Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Cloud Monitoring + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Cloud Object Storage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Cloud Object Storage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Cloudant + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Code Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Cognos Command Center cves: cve-2021-4104: investigated: false @@ -25132,13 +60171,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.device42.com/2021/12/13/log4j-zero-day/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Devolutions - product: All products + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Cognos Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 10.4.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/support/pages/node/6526468> + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Cognos Integration Server cves: cve-2021-4104: investigated: false @@ -25161,13 +60230,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Diebold Nixdorf - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Compose Enterprise cves: cve-2021-4104: investigated: false @@ -25190,13 +60259,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dieboldnixdorf.com/en-us/apache + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Digi International - product: AnywhereUSB Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Compose for Elasticsearch cves: cve-2021-4104: investigated: false @@ -25219,13 +60288,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: ARMT + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Compose for etcd cves: cve-2021-4104: investigated: false @@ -25248,13 +60317,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Aview + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Compose for MongoDB cves: cve-2021-4104: investigated: false @@ -25277,13 +60346,419 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: AVWOB + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Compose for MySQL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Compose for PostgreSQL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Compose for RabbitMQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Compose for Redis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Compose for RethinkDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Compose for ScyllaDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Container Registry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Container Security Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Content Delivery Network + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Continuous Delivery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Copy Services Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Databases for DataStax + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Databases for EDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Databases for Elasticsearch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Databases for etcd cves: cve-2021-4104: investigated: false @@ -25306,13 +60781,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: CTEK G6200 family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Databases for MongoDB cves: cve-2021-4104: investigated: false @@ -25335,13 +60810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: CTEK SkyCloud + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Databases for PostgreSQL cves: cve-2021-4104: investigated: false @@ -25364,13 +60839,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: CTEK Z45 family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Databases for Redis cves: cve-2021-4104: investigated: false @@ -25393,13 +60868,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi 54xx family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Datapower Gateway cves: cve-2021-4104: investigated: false @@ -25422,13 +60897,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi 63xx family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Dedicated Host for VPC cves: cve-2021-4104: investigated: false @@ -25451,13 +60926,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi AnywhereUSB (G2) family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Direct Link Connect cves: cve-2021-4104: investigated: false @@ -25480,13 +60955,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi AnywhereUSB Plus family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Direct Link Connect on Classic cves: cve-2021-4104: investigated: false @@ -25509,13 +60984,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect EZ family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Direct Link Dedicated (2.0) cves: cve-2021-4104: investigated: false @@ -25538,13 +61013,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Direct Link Dedicated Hosting on Classic cves: cve-2021-4104: investigated: false @@ -25567,13 +61042,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect IT family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Direct Link Dedicated on Classic cves: cve-2021-4104: investigated: false @@ -25596,13 +61071,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect Sensor family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Direct Link Exchange on Classic cves: cve-2021-4104: investigated: false @@ -25625,13 +61100,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect WS family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: DNS Services cves: cve-2021-4104: investigated: false @@ -25654,13 +61129,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi ConnectPort family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Emptoris Contract Management cves: cve-2021-4104: investigated: false @@ -25683,13 +61158,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi ConnectPort LTS family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Emptoris Program Management cves: cve-2021-4104: investigated: false @@ -25712,13 +61187,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Embedded Android + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Emptoris Sourcing cves: cve-2021-4104: investigated: false @@ -25741,13 +61216,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Embedded Yocto + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Emptoris Spend Analysis cves: cve-2021-4104: investigated: false @@ -25770,13 +61245,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi EX routers + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Emptoris Supplier Lifecycle Management cves: cve-2021-4104: investigated: false @@ -25799,13 +61274,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi IX routers + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Enterprise Tape Controller Model C07 (3592) (ETC) cves: cve-2021-4104: investigated: false @@ -25828,13 +61303,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi LR54 + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Event Notifications cves: cve-2021-4104: investigated: false @@ -25857,13 +61332,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Navigator + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Event Streams cves: cve-2021-4104: investigated: false @@ -25886,13 +61361,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi One family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: File Storage cves: cve-2021-4104: investigated: false @@ -25915,13 +61390,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Passport family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Flash System 900 (& 840) cves: cve-2021-4104: investigated: false @@ -25944,13 +61419,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi PortServer TS family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Flow Logs for VPC cves: cve-2021-4104: investigated: false @@ -25973,13 +61448,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Remote Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Functions cves: cve-2021-4104: investigated: false @@ -26002,13 +61477,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi TX routers + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: GSKit cves: cve-2021-4104: investigated: false @@ -26031,13 +61506,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR11 + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Guardium S-TAP for Data Sets on z/OS cves: cve-2021-4104: investigated: false @@ -26060,13 +61535,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR21 + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Guardium S-TAP for DB2 on z/OS cves: cve-2021-4104: investigated: false @@ -26089,13 +61564,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR31 + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Guardium S-TAP for IMS on z/OS cves: cve-2021-4104: investigated: false @@ -26118,13 +61593,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR44R/RR + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Hyper Protect Crypto Services cves: cve-2021-4104: investigated: false @@ -26147,13 +61622,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR54 + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Hyper Protect DBaaS for MongoDB cves: cve-2021-4104: investigated: false @@ -26176,13 +61651,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR64 + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Hyper Protect DBaaS for PostgreSQL cves: cve-2021-4104: investigated: false @@ -26205,13 +61680,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Xbee mobile app + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Hyper Protect Virtual Server cves: cve-2021-4104: investigated: false @@ -26234,13 +61709,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Lighthouse + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: i2 Analyst’s Notebook cves: cve-2021-4104: investigated: false @@ -26263,13 +61738,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Realport + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: i2 Base cves: cve-2021-4104: investigated: false @@ -26292,13 +61767,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Remote Hub Config Utility + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Application Runtime Expert for i cves: cve-2021-4104: investigated: false @@ -26321,13 +61796,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digicert - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Backup, Recovery and Media Services for i cves: cve-2021-4104: investigated: false @@ -26350,13 +61825,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.digicert.com/alerts/digicert-log4j-response.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Digital AI - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Db2 Mirror for i cves: cve-2021-4104: investigated: false @@ -26379,13 +61854,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Digital Alert Systems - product: All + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM HTTP Server cves: cve-2021-4104: investigated: false @@ -26408,13 +61883,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digitalalertsystems.com/default-2.htm - notes: Formerly Monroe Electronics, Inc. + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: DNSFilter - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM i Access Family cves: cve-2021-4104: investigated: false @@ -26437,13 +61912,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Docker - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM i Portfolio of products under the Group SWMA cves: cve-2021-4104: investigated: false @@ -26466,13 +61941,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Docusign - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM PowerHA System Mirror for i cves: cve-2021-4104: investigated: false @@ -26495,14 +61970,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: DrayTek - product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, - MyVigor Platform + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Direct Browser User Interface cves: cve-2021-4104: investigated: false @@ -26525,13 +61999,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: DSpace - product: '' + - vendor: IBM + product: IBM Sterling Connect:Direct File Agent cves: cve-2021-4104: investigated: false @@ -26539,8 +62013,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - See Vendor Links fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26554,13 +62029,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE + - https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-connectdirect-for-unix-cve-2021-44228/ notes: '' references: - - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Dynatrace - product: ActiveGate + - '[https://www.ibm.com/support/pages/node/6526688](https://www.ibm.com/support/pages/node/6526688), + [https://www.ibm.com/support/pages/node/6528324](https://www.ibm.com/support/pages/node/6528324), + [https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/)' + last_updated: '2021-12-20T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Direct for HP NonStop cves: cve-2021-4104: investigated: false @@ -26583,13 +62060,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: Dynatrace Extensions + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Direct for i5/OS cves: cve-2021-4104: investigated: false @@ -26612,13 +62089,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: FedRamp SAAS + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Direct for OpenVMS cves: cve-2021-4104: investigated: false @@ -26641,13 +62118,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: Managed cluster nodes + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Express for Microsoft Windows cves: cve-2021-4104: investigated: false @@ -26670,13 +62147,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: OneAgent + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Express for UNIX cves: cve-2021-4104: investigated: false @@ -26699,13 +62176,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: SAAS + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Express for z/OS cves: cve-2021-4104: investigated: false @@ -26728,13 +62205,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: Synthetic Private ActiveGate + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Instana Agent cves: cve-2021-4104: investigated: false @@ -26742,8 +62219,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Timestamp lower than 12-11-2021 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26757,13 +62235,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + - https://status.instana.io/incidents/4zgcd2gzf4jw + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: Synthetic public locations + last_updated: '2021-12-14T00:00:00' + - vendor: IBM + product: Internet Services cves: cve-2021-4104: investigated: false @@ -26786,13 +62264,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: EasyRedmine - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Key Lifecycle Manager for z/OS cves: cve-2021-4104: investigated: false @@ -26815,13 +62293,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Eaton - product: Undisclosed + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Key Protect cves: cve-2021-4104: investigated: false @@ -26829,9 +62307,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Undisclosed + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26845,15 +62322,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf - notes: Doesn't openly disclose what products are affected or not for quote 'security - purposes'. Needs email registration. No workaround provided due to registration - wall. + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: EclecticIQ - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Knowledge Studio cves: cve-2021-4104: investigated: false @@ -26876,13 +62351,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Eclipse Foundation - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Kubernetes Service cves: cve-2021-4104: investigated: false @@ -26905,13 +62380,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228) + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Edwards - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Load Balancer for VPC cves: cve-2021-4104: investigated: false @@ -26934,13 +62409,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.edwards.com/devices/support/product-security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: EFI - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Log Analysis cves: cve-2021-4104: investigated: false @@ -26963,13 +62438,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: EGroupware - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Managed VMware Service cves: cve-2021-4104: investigated: false @@ -26992,13 +62467,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Elastic - product: APM Java Agent + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Management Extender for VMware vCenter cves: cve-2021-4104: investigated: false @@ -27020,14 +62495,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: APM Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: Mass Data Migration cves: cve-2021-4104: investigated: false @@ -27050,13 +62524,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Beats + - vendor: IBM + product: Maximo EAM SaaS cves: cve-2021-4104: investigated: false @@ -27079,13 +62553,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Cmd + - vendor: IBM + product: Message Hub cves: cve-2021-4104: investigated: false @@ -27108,13 +62582,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Agent + - vendor: IBM + product: MQ Appliance cves: cve-2021-4104: investigated: false @@ -27137,13 +62611,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Cloud + - vendor: IBM + product: MQ on IBM Cloud cves: cve-2021-4104: investigated: false @@ -27166,13 +62640,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Cloud Enterprise + - vendor: IBM + product: Natural Language Understanding cves: cve-2021-4104: investigated: false @@ -27195,13 +62669,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Cloud Enterprise + - vendor: IBM + product: OmniFind Text Search Server for DB2 for i cves: cve-2021-4104: investigated: false @@ -27224,13 +62698,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Cloud on Kubernetes + - vendor: IBM + product: OPENBMC cves: cve-2021-4104: investigated: false @@ -27253,13 +62727,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Endgame + - vendor: IBM + product: Planning Analytics Workspace cves: cve-2021-4104: investigated: false @@ -27267,8 +62741,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '>2.0.57' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27282,13 +62757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/support/pages/node/6525700 notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Maps Service + - vendor: IBM + product: Power HMC cves: cve-2021-4104: investigated: false @@ -27296,8 +62771,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - V9.2.950.0 & V10.1.1010.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27311,13 +62787,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/support/pages/node/6526172?myns=pwrsmc&mynp=OCSGGSNP&mync=E&cm_sp=pwrsmc-_-OCSGGSNP-_-E notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elasticsearch + - vendor: IBM + product: PowerSC cves: cve-2021-4104: investigated: false @@ -27325,11 +62801,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '5' - - '6' - - '8' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27343,13 +62816,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Endpoint Security + - vendor: IBM + product: PowerVM Hypervisor cves: cve-2021-4104: investigated: false @@ -27372,13 +62845,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Enterprise Search + - vendor: IBM + product: PowerVM VIOS cves: cve-2021-4104: investigated: false @@ -27401,13 +62874,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Fleet Server + - vendor: IBM + product: QRadar Advisor cves: cve-2021-4104: investigated: false @@ -27430,13 +62903,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Kibana + - vendor: IBM + product: Qradar Network Threat Analytics cves: cve-2021-4104: investigated: false @@ -27459,13 +62932,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Logstash + - vendor: IBM + product: QRadar SIEM cves: cve-2021-4104: investigated: false @@ -27473,10 +62946,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <6.8.21 - - <7.16.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27490,13 +62961,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Machine Learning + - vendor: IBM + product: Quantum Services cves: cve-2021-4104: investigated: false @@ -27519,13 +62990,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: ElasticSearch - product: all products + - vendor: IBM + product: Rational Developer for AIX and Linux cves: cve-2021-4104: investigated: false @@ -27547,13 +63018,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Elastic - product: Swiftype + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Rational Developer for i cves: cve-2021-4104: investigated: false @@ -27576,13 +63048,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Ellucian - product: Admin + - vendor: IBM + product: Red Hat OpenShift on IBM Cloud cves: cve-2021-4104: investigated: false @@ -27605,13 +63077,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Analytics + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Resilient cves: cve-2021-4104: investigated: false @@ -27633,14 +63105,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Document Management (includes Banner Document Retention) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: Robotic Process Automation cves: cve-2021-4104: investigated: false @@ -27663,13 +63134,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Event Publisher + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: SAN Volume Controller and Storwize Family cves: cve-2021-4104: investigated: false @@ -27692,13 +63163,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Integration for eLearning + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Satellite Infrastructure Service cves: cve-2021-4104: investigated: false @@ -27721,13 +63192,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Integration for eProcurement + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Schematics cves: cve-2021-4104: investigated: false @@ -27750,13 +63221,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Self Service + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Secrets Manager cves: cve-2021-4104: investigated: false @@ -27779,13 +63250,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Workflow + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Secure Gateway cves: cve-2021-4104: investigated: false @@ -27808,13 +63279,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Colleague + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Server Automation cves: cve-2021-4104: investigated: false @@ -27836,14 +63307,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: On-prem and cloud deployements expect fixed 12/18/2021 + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Colleague Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: Spectrum Archive Library Edition cves: cve-2021-4104: investigated: false @@ -27866,13 +63336,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: CRM Advance + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Discover cves: cve-2021-4104: investigated: false @@ -27895,13 +63365,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: CRM Advise + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Client Management Service cves: cve-2021-4104: investigated: false @@ -27924,13 +63394,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: CRM Recruit + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Databases: Data Protection for Oracle' cves: cve-2021-4104: investigated: false @@ -27953,13 +63423,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Advance Web Connector + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Databases: Data Protection for SQL' cves: cve-2021-4104: investigated: false @@ -27982,13 +63452,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Data Access + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect for Enterprise Resource Planning cves: cve-2021-4104: investigated: false @@ -28011,13 +63481,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Design Path + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Mail: Data Protection for Domino' cves: cve-2021-4104: investigated: false @@ -28040,13 +63510,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Ellucian Portal + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Mail: Data Protection for Exchange' cves: cve-2021-4104: investigated: false @@ -28069,13 +63539,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian ePrint + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect for Workstations cves: cve-2021-4104: investigated: false @@ -28098,13 +63568,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Ethos API & API Management Center + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect for z/OS USS Client and API cves: cve-2021-4104: investigated: false @@ -28127,13 +63597,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Ethos Extend + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus Db2 Agent cves: cve-2021-4104: investigated: false @@ -28156,13 +63626,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Ethos Integration + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus Exchange Agent cves: cve-2021-4104: investigated: false @@ -28185,13 +63655,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian eTranscripts + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus File Systems Agent cves: cve-2021-4104: investigated: false @@ -28214,13 +63684,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Experience + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus MongoDB Agent cves: cve-2021-4104: investigated: false @@ -28243,13 +63713,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Intelligent Platform (ILP) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus O365 Agent cves: cve-2021-4104: investigated: false @@ -28272,13 +63742,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian International Student and Scholar Management (ISSM) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Server cves: cve-2021-4104: investigated: false @@ -28301,13 +63771,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Message Service (EMS) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Snapshot for UNIX cves: cve-2021-4104: investigated: false @@ -28330,13 +63800,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Messaging Adapter (EMA) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Snapshot for UNIX cves: cve-2021-4104: investigated: false @@ -28359,13 +63829,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Mobile + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: SQL Query cves: cve-2021-4104: investigated: false @@ -28388,13 +63858,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Payment Gateway + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Gentran cves: cve-2021-4104: investigated: false @@ -28417,13 +63887,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian PowerCampus + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Order Management cves: cve-2021-4104: investigated: false @@ -28446,13 +63916,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Solution Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for ACORD cves: cve-2021-4104: investigated: false @@ -28475,13 +63945,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Workflow + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for Financial Services cves: cve-2021-4104: investigated: false @@ -28504,13 +63974,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Enterprise Identity Services(BEIS) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for FIX cves: cve-2021-4104: investigated: false @@ -28533,13 +64003,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 148 Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for NACHA cves: cve-2021-4104: investigated: false @@ -28562,13 +64032,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 2051 Pressure Transmitter Family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for PeopleSoft cves: cve-2021-4104: investigated: false @@ -28591,13 +64061,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 2088 Pressure Transmitter Family + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for SAP R/3 cves: cve-2021-4104: investigated: false @@ -28620,13 +64090,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 2090F/2090P Pressure Transmitters + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for SEPA cves: cve-2021-4104: investigated: false @@ -28649,13 +64119,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 215 Pressure Sensor Module + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for Siebel cves: cve-2021-4104: investigated: false @@ -28678,13 +64148,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 248 Configuration Application + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for SWIFT cves: cve-2021-4104: investigated: false @@ -28707,13 +64177,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 248 Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Packs for EDI cves: cve-2021-4104: investigated: false @@ -28736,13 +64206,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 3051 & 3051S Pressure transmitter families + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Packs for Healthcare cves: cve-2021-4104: investigated: false @@ -28765,13 +64235,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 3144P Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Trading Manager cves: cve-2021-4104: investigated: false @@ -28794,13 +64264,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 326P Pressure Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS1160 cves: cve-2021-4104: investigated: false @@ -28823,13 +64293,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 326T Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS2280 cves: cve-2021-4104: investigated: false @@ -28852,13 +64322,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 327T Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS2900 Library cves: cve-2021-4104: investigated: false @@ -28881,13 +64351,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4088 Pressure Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS3100-TS3200 Library cves: cve-2021-4104: investigated: false @@ -28910,13 +64380,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4088 Upgrade Utility + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS4500 Library cves: cve-2021-4104: investigated: false @@ -28939,13 +64409,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4600 Pressure Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage Virtualization Engine TS7700 cves: cve-2021-4104: investigated: false @@ -28968,13 +64438,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4732 Endeavor + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Tape System Library Manager cves: cve-2021-4104: investigated: false @@ -28997,13 +64467,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4732 Endeavor + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: TDMF for zOS cves: cve-2021-4104: investigated: false @@ -29026,13 +64496,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 550 PT Pressure Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Total Storage Service Console (TSSC) / TS4500 IMC cves: cve-2021-4104: investigated: false @@ -29055,13 +64525,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 5726 Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Transit Gateway cves: cve-2021-4104: investigated: false @@ -29084,13 +64554,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 5726 Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Tririga Anywhere cves: cve-2021-4104: investigated: false @@ -29113,13 +64583,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 644 Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: TS4300 cves: cve-2021-4104: investigated: false @@ -29142,13 +64612,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 648 Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Urbancode Deploy cves: cve-2021-4104: investigated: false @@ -29171,13 +64641,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 848T Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Virtual Private Cloud cves: cve-2021-4104: investigated: false @@ -29200,13 +64670,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Virtual Server for Classic cves: cve-2021-4104: investigated: false @@ -29229,13 +64699,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT2211 QCL Aerosol Microleak Detection System + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Virtualization Management Interface cves: cve-2021-4104: investigated: false @@ -29258,13 +64728,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT3000 QCL Automotive OEM Gas Analyzer + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VMware Solutions cves: cve-2021-4104: investigated: false @@ -29287,13 +64757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT4000 QCL Marine OEM Gas Analyzer + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VMware vCenter Server cves: cve-2021-4104: investigated: false @@ -29316,13 +64786,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT4215 QCL Packaging Leak Detection System + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VMware vSphere cves: cve-2021-4104: investigated: false @@ -29345,13 +64815,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT4400 QCL General Purpose Continuous Gas Analyzer + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VPN for VPC cves: cve-2021-4104: investigated: false @@ -29374,13 +64844,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT4404 QCL pMDI Leak Detection Analyzer + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: vRealize Operations and Log Insight cves: cve-2021-4104: investigated: false @@ -29403,13 +64873,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT5100 QCL Field Housing Continuous Gas Analyzer + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Workload Automation cves: cve-2021-4104: investigated: false @@ -29432,13 +64902,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT5400 QCL General Purpose Continuous Gas Analyzer + last_updated: '2021-12-15T00:00:00' + - vendor: ICONICS + product: All cves: cve-2021-4104: investigated: false @@ -29461,13 +64931,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://iconics.com/News/Press-Releases/2021/ICONICS-Not-Subject-to-Apache-Log4j-Vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer + last_updated: '2021-12-21T00:00:00' + - vendor: IFS + product: '' cves: cve-2021-4104: investigated: false @@ -29490,13 +64960,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://community.ifs.com/announcements-278/urgent-bulletin-ifs-advisory-ifs-products-services-and-log4j-cve-2021-44228-16436 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: DHNC1 DHNC2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IGEL + product: '' cves: cve-2021-4104: investigated: false @@ -29519,13 +64989,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://kb.igel.com/securitysafety/en/isn-2021-11-ums-log4j-vulnerability-54086712.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: DHNC1 DHNC2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ignite Realtime + product: '' cves: cve-2021-4104: investigated: false @@ -29548,13 +65018,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Emerson Aperio software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: iGrafx + product: '' cves: cve-2021-4104: investigated: false @@ -29577,13 +65047,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.igrafx.com/igrafx-thwarts-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Engineering Assistant 5.x & 6.x + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Illuminated Cloud + product: '' cves: cve-2021-4104: investigated: false @@ -29606,13 +65076,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://illuminatedcloud.blogspot.com/2021/12/illuminated-cloud-2-and-log4j-security.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Fieldwatch and Service consoles + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Illumio + product: C-VEN cves: cve-2021-4104: investigated: false @@ -29635,13 +65105,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Fieldwatch and Service consoles + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: CLI cves: cve-2021-4104: investigated: false @@ -29664,14 +65134,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared - Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: CloudSecure cves: cve-2021-4104: investigated: false @@ -29694,13 +65163,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Core on-premise PCE cves: cve-2021-4104: investigated: false @@ -29723,13 +65192,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Core SaaS PCE cves: cve-2021-4104: investigated: false @@ -29752,13 +65221,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Edge SaaS PCE cves: cve-2021-4104: investigated: false @@ -29781,13 +65250,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Edge-CrowdStrike cves: cve-2021-4104: investigated: false @@ -29810,13 +65279,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Flowlink cves: cve-2021-4104: investigated: false @@ -29839,13 +65308,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Kubelink cves: cve-2021-4104: investigated: false @@ -29868,15 +65337,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: NEN cves: cve-2021-4104: investigated: false @@ -29899,15 +65366,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: QRadar App cves: cve-2021-4104: investigated: false @@ -29930,13 +65395,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Incus Ultrasonic gas leak detector + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Splunk App cves: cve-2021-4104: investigated: false @@ -29959,13 +65424,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: K-Series Coriolis Transmitters + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: VEN cves: cve-2021-4104: investigated: false @@ -29988,13 +65453,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: K-Series Coriolis Transmitters + last_updated: '2021-12-16T00:00:00' + - vendor: IManage + product: '' cves: cve-2021-4104: investigated: false @@ -30017,13 +65482,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Liquid Transmitters: 5081 1066 1056 1057 56' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Imperva + product: '' cves: cve-2021-4104: investigated: false @@ -30046,13 +65511,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Mark III Gas and Liquid USM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Inductive Automation + product: Ignition cves: cve-2021-4104: investigated: false @@ -30060,10 +65525,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -30075,13 +65541,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day + notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but + they used an older version (1.2) that was not affected by this vulnerability. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Mark III Gas and Liquid USM + last_updated: '2022-01-19T00:00:00' + - vendor: IndustrialDefender + product: '' cves: cve-2021-4104: investigated: false @@ -30104,13 +65571,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.industrialdefender.com/cve-2021-44228-log4j/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: MPFM2600 & MPFM5726 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: infinidat + product: '' cves: cve-2021-4104: investigated: false @@ -30133,13 +65600,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.infinidat.com/hc/en-us/articles/4413483145489-INFINIDAT-Support-Announcement-2021-010-Log4Shell-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: MPFM2600 & MPFM5726 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: InfluxData + product: '' cves: cve-2021-4104: investigated: false @@ -30162,13 +65629,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.influxdata.com/blog/apache-log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Infoblox + product: '' cves: cve-2021-4104: investigated: false @@ -30191,13 +65658,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.infoblox.com/articles/Knowledge/Infoblox-NIOS-and-BloxOne-products-not-vulnerable-to-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Informatica + product: '' cves: cve-2021-4104: investigated: false @@ -30220,13 +65687,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Prolink Configuration Software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Instana + product: '' cves: cve-2021-4104: investigated: false @@ -30249,13 +65716,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://status.instana.io/incidents/4zgcd2gzf4jw notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Prolink Configuration Software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Instructure + product: '' cves: cve-2021-4104: investigated: false @@ -30278,13 +65745,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://community.canvaslms.com/t5/Community-Users/Instructure-amp-the-Apache-Log4j2-Vulnerability/ba-p/501907 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Intel + product: Audio Development Kit cves: cve-2021-4104: investigated: false @@ -30307,13 +65774,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Computer Vision Annotation Tool maintained by Intel cves: cve-2021-4104: investigated: false @@ -30336,13 +65803,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount 2230 Graphical Field Display + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Datacenter Manager cves: cve-2021-4104: investigated: false @@ -30365,13 +65832,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount 2240S Multi-input Temperature Transmitter + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Genomics Kernel Library cves: cve-2021-4104: investigated: false @@ -30394,13 +65861,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount 2410 Tank Hub + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: oneAPI sample browser plugin for Eclipse cves: cve-2021-4104: investigated: false @@ -30423,13 +65890,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount 2460 System Hub + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Secure Device Onboard cves: cve-2021-4104: investigated: false @@ -30452,13 +65919,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount 3490 Controller + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Sensor Solution Firmware Development Kit cves: cve-2021-4104: investigated: false @@ -30481,13 +65948,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount CMS/IOU 61 + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: System Debugger cves: cve-2021-4104: investigated: false @@ -30510,13 +65977,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount CMS/SCU 51/SCC + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: System Studio cves: cve-2021-4104: investigated: false @@ -30539,13 +66006,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Internet Systems Consortium(ISC) + product: BIND 9 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.isc.org/blogs/2021-log4j/ + notes: no JAVA Code references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount CMS/WSU 51/SWF 51 + - vendor: Internet Systems Consortium(ISC) + product: ISC DHCP, aka dhcpd cves: cve-2021-4104: investigated: false @@ -30553,10 +66050,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.isc.org/blogs/2021-log4j/ + notes: no JAVA Code + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Internet Systems Consortium(ISC) + product: Kea DHCP + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -30568,13 +66096,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://www.isc.org/blogs/2021-log4j/ + notes: no JAVA Code references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount IO-Link Assistant + - vendor: InterSystems + product: '' cves: cve-2021-4104: investigated: false @@ -30597,13 +66125,45 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.intersystems.com/gt/apache-log4j2/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Level Detectors (21xx) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Intland + product: codebeamer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <= 20.11-SP11 + - <= 21.09-SP3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://codebeamer.com/cb/wiki/19872365 + notes: A fix has been released for [20.11](https://codebeamer.com/cb/wiki/13134438) + and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IPRO + product: Netgovern cves: cve-2021-4104: investigated: false @@ -30625,14 +66185,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: iRedMail + product: '' cves: cve-2021-4104: investigated: false @@ -30655,13 +66214,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://forum.iredmail.org/topic18605-log4j-cve202144228.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Radar Configuration Tool + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ironnet + product: '' cves: cve-2021-4104: investigated: false @@ -30684,13 +66243,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Radar Level Gauges (Pro 39xx 59xx) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ISLONLINE + product: '' cves: cve-2021-4104: investigated: false @@ -30713,992 +66272,1015 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://blog.islonline.com/2021/12/13/isl-online-is-not-affected-by-log4shell-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount RadarMaster and RadarMaster Plus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ivanti + product: Application Control for Linux cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Tank Radar Gauges (TGUxx) + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Application Control for Windows cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount TankMaster and TankMaster Mobile + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Automation cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Spectrex family Flame Detectors and Rosemount 975 flame detector + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Avalanche cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.2.2 + - 6.3.0 to 6.3.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Avalanche Remote Control cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: CETerm (Naurtech) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Vortex and Magmeter Transmitters + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Cherwell Asset Management (CAM) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Vortex and Magmeter Transmitters + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Cherwell Service Management (CSM) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: WCM SWGM + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Connect Pro cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: WCM SWGM + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ConnectPro (Termproxy) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: EnterpriseDT - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Credential mgr (PivD Manager) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: ESET - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Discovery Classic cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: ESRI - product: ArcGIS Data Store + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: DSM cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Enterprise + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Environment Manager cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS GeoEvent Server + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: GoldMine cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Server + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: HEAT Classic cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Workflow Manager Server + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: IIRIS (Neurons for IIOT) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: Portal for ArcGIS + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Incapptic Connect cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Estos - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Insight cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Evolveum Midpoint - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ITSM 6/7 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://evolveum.com/midpoint-not-vulnerable-to-log4shell/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Ewon - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Asset Lifecycle Management cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Exabeam - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Device Application Control cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exabeam.com/s/discussions?t=1639379479381 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Exact - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Endpoint Manager cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.exact.com/news/general-statement-apache-leak + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Exivity - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Endpoint Security cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: ExtraHop - product: Reveal(x) + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Environment Manager cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <=8.4.6 - - <=8.5.3 - - <=8.6.4 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148 - notes: Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: eXtreme Hosting - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti EPM - Cloud Service Appliance cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://extremehosting.nl/log4shell-log4j/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Extreme Networks - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti File Director cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] + investigated: true + affected_versions: + - 2019.1.* + - 2020.1.* + - 2020.3.* + - 2021.1.* + - 4.4.* + fixed_versions: + - 2021.3 HF2 + - 2021.1 HF1 + - 2020.3 HF2 unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Extron - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Identity Director cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.extron.com/featured/Security-at-Extron/extron-security + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F-Secure - product: Elements Connector + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti License Optimizer (ILO) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F-Secure - product: Endpoint Proxy + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Management Center cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.f-secure.com/incidents/sk8vmr0h34pd + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F-Secure - product: Messaging Security Gateway + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Neurons Platform cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F-Secure - product: Policy Manager + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Performance Manager cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.f-secure.com/incidents/sk8vmr0h34pd + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F-Secure - product: Policy Manager Proxy + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Security Controls (Patch ISec) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.f-secure.com/incidents/sk8vmr0h34pd - notes: '' + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory + Page references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F5 - product: BIG-IP (all modules) + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Desk cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -31707,28 +67289,30 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 11.x - 16.x + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 - notes: '' + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: Not Affected. Java is no longer required since version 2018.3U3 Customers + on older versions can uninstall JRE on their ISD Servers for mitigation. This + will disable indexing of Attachments and Documents for full-text search. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F5 - product: BIG-IQ Centralized Management + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Manager cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -31737,28 +67321,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 7.x-8.x + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F5 - product: F5OS + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Manager for Neurons (Cloud) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -31767,28 +67351,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F5 - product: NGINX App Protect + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Voice cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -31797,28 +67381,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.x + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F5 - product: NGINX Controller + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Workspace Control cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -31827,28 +67411,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.x + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F5 - product: NGINX Ingress Controller + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Appconnect cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -31857,28 +67441,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x - 2.x + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F5 - product: NGINX Instance Manager + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Email+ cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -31887,28 +67471,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F5 - product: NGINX Open Source + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Go Client cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -31917,28 +67501,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F5 - product: NGINX Plus + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI MobileAtWork cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -31947,28 +67531,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - R19 - R25 + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F5 - product: NGINX Service Mesh + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Security Productivity Apps cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -31977,28 +67561,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F5 - product: NGINX Unit + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Mi Tunnel App cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -32007,851 +67591,866 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: F5 - product: Traffix SDC + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Access ZSO cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - - 5.x (5.2.0 CF1 - - 5.1.0 CF-30 - 5.1.0 CF-33) + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 - notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + - Kibana), Element Management System' + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: Mitigated. No Impact references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FAST LTA - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron BYOD Portal cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.fast-lta.de/en/log4j2-vulnerability + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fastly - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Cloud cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FedEx - product: Ship Manager Software + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Cloud Connector cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - Unknown + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 - notes: 'Note: FedEx is aware of the issue related to the Log4j Remote Code Execution - vulnerability affecting various Apache products. We are actively assessing the - situation and taking necessary action as appropriate. As a result, we are temporarily - unable to provide a link to download the FedEx Ship Manager software or generate - product keys needed for registration of FedEx Ship Manager software. We are - working to have this resolved as quickly as possible and apologize for the inconvenience. - For related questions or the most updated information, customers should check - FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative.' + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Fiix - product: Fiix CMMS Core + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - v5 + affected_versions: + - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: The product has been updated to Log4j version 2.15. An additional patch - is being developed to update to 2.16. No user interaction is required. + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: FileCap - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core Connector cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mailchi.mp/3f82266e0717/filecap-update-version-511 - notes: '' + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core Connector. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FileCatalyst - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Sentry (Core/Cloud) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '9.13' + - '9.14' fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability - notes: '' + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Sentry. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FileCloud - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Patch MEM (Microsoft Endpoint Manager) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FileWave - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Patch OEM APIs cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FINVI - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Performance Manager cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://finvi.com/support/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FireDaemon - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Connect Secure cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.firedaemon.com/support/solutions/articles/4000178630 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fisher & Paykel Healthcare - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Desktop Client cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fphcare.com/us/our-company/contact-us/product-security/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Flexagon - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Mobile Client cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Flexera - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse One cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Forcepoint - product: DLP Manager + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Policy Secure cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Forcepoint - product: Forcepoint Cloud Security Gateway (CSG) + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Services Director cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Forcepoint - product: Next Generation Firewall (NGFW) + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Virtual Traffic Manager cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Forcepoint - product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service - and Sidewinder + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Web Application Firewall cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Forcepoint - product: One Endpoint + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse ZTA cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Forcepoint - product: Security Manager (Web, Email and DLP) + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Risksense Threat and Vulnerability Management cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Forescout - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: SpeakEasy (add-on to Velocity) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: ForgeRock - product: Autonomous Identity + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: SpeakEasy (WinCE) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa - notes: all other ForgeRock products Not vulnerable + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiAIOps + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Terminal Emulation and Industrial Browser cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiAnalyzer + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Velocity cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiAnalyzer Cloud + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: VelocityCE cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiAP + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Virtual Desktop Extender cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiAuthenticator + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Wavelink License Server cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiCASB + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Xtraction cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiConvertor + last_updated: '2022-01-18T00:00:00' + - vendor: Jamasoftware + product: All cves: cve-2021-4104: investigated: false @@ -32874,13 +68473,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22 notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiDeceptor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Cloud cves: cve-2021-4104: investigated: false @@ -32888,9 +68487,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -32903,13 +68503,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiEDR Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Connect cves: cve-2021-4104: investigated: false @@ -32917,10 +68517,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32932,13 +68533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiEDR Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Data Policy cves: cve-2021-4104: investigated: false @@ -32946,10 +68547,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32961,13 +68563,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiGate Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Health Care Listener cves: cve-2021-4104: investigated: false @@ -32975,10 +68577,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32990,13 +68593,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiGSLB Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Infrastructure Manager cves: cve-2021-4104: investigated: false @@ -33004,10 +68607,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33019,13 +68623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiMail + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Now cves: cve-2021-4104: investigated: false @@ -33033,10 +68637,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33048,13 +68653,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiManager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Private Access cves: cve-2021-4104: investigated: false @@ -33062,10 +68667,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33077,13 +68683,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiManager Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Pro (On-Prem) cves: cve-2021-4104: investigated: false @@ -33091,9 +68697,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.34.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -33106,13 +68713,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiNAC + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Protect cves: cve-2021-4104: investigated: false @@ -33120,10 +68727,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33135,13 +68743,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiNAC + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf School cves: cve-2021-4104: investigated: false @@ -33149,10 +68757,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33164,13 +68773,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiOS (includes FortiGate & FortiWiFi) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Threat Defense cves: cve-2021-4104: investigated: false @@ -33178,10 +68787,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33193,13 +68803,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiPhish Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Janitza + product: GridVis cves: cve-2021-4104: investigated: false @@ -33207,10 +68817,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.82 cve-2021-45046: investigated: false affected_versions: [] @@ -33222,13 +68833,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.janitza.com/us/gridvis-download.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiPolicy + last_updated: '2022-01-05T00:00:00' + - vendor: Jaspersoft + product: All cves: cve-2021-4104: investigated: false @@ -33251,13 +68862,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiPortal + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Java Melody + product: All cves: cve-2021-4104: investigated: false @@ -33265,9 +68876,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.90.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -33280,13 +68892,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://github.com/javamelody/javamelody/wiki/ReleaseNotes notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiRecorder + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jedox + product: All cves: cve-2021-4104: investigated: false @@ -33309,13 +68921,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.jedox.com/en/trust/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiSIEM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: CI cves: cve-2021-4104: investigated: false @@ -33323,10 +68935,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33338,13 +68951,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiSOAR + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: CI/CD Core cves: cve-2021-4104: investigated: false @@ -33352,10 +68965,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33367,13 +68981,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiSwicth Cloud in FortiLANCloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: Plugins cves: cve-2021-4104: investigated: false @@ -33396,13 +69010,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ notes: '' references: - - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiSwitch & FortiSwitchManager + - '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' + last_updated: '2021-12-16T00:00:00' + - vendor: JetBrains + product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, + dotCover, dotPeek) cves: cve-2021-4104: investigated: false @@ -33410,10 +69025,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33425,13 +69041,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiToken Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jetbrains + product: Code With Me cves: cve-2021-4104: investigated: false @@ -33439,9 +69055,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -33454,13 +69071,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiVoice + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Datalore cves: cve-2021-4104: investigated: false @@ -33468,10 +69085,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33483,13 +69101,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiWeb Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Floating License Server cves: cve-2021-4104: investigated: false @@ -33497,9 +69115,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '30241' unaffected_versions: [] cve-2021-45046: investigated: false @@ -33512,13 +69131,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: ShieldX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Gateway cves: cve-2021-4104: investigated: false @@ -33526,10 +69145,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33541,13 +69161,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FTAPI - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Hub cves: cve-2021-4104: investigated: false @@ -33555,9 +69175,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2021.1.14080 unaffected_versions: [] cve-2021-45046: investigated: false @@ -33570,13 +69191,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# + - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fujitsu - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, + IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, + Rider, RubyMine, WebStorm) cves: cve-2021-4104: investigated: false @@ -33584,10 +69207,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33599,13 +69223,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FusionAuth - product: FusionAuth + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Kotlin cves: cve-2021-4104: investigated: false @@ -33617,7 +69241,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.32' + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33629,43 +69253,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: GE Digital - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories - notes: This advisory is available to customers only and has not been reviewed - by CISA. - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Digital Grid - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Ktor cves: cve-2021-4104: investigated: false @@ -33673,10 +69267,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33688,14 +69283,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585 - notes: This advisory is available to customers only and has not been reviewed - by CISA. + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Asset Performance Management (APM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: MPS cves: cve-2021-4104: investigated: false @@ -33703,10 +69297,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33718,13 +69313,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Space cves: cve-2021-4104: investigated: false @@ -33732,10 +69327,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33747,14 +69343,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) 2.0 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: TeamCity cves: cve-2021-4104: investigated: false @@ -33762,10 +69357,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33777,14 +69373,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + - https://youtrack.jetbrains.com/issue/TW-74298 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Control Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: ToolBox cves: cve-2021-4104: investigated: false @@ -33792,10 +69387,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33807,14 +69403,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: The Control Server is Affected via vCenter. There is a fix for vCenter. - Please see below. GE verifying the vCenter fix as proposed by the vendor. + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Tag Mapping Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: UpSource cves: cve-2021-4104: investigated: false @@ -33822,9 +69417,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2020.1.1952 unaffected_versions: [] cve-2021-45046: investigated: false @@ -33837,13 +69433,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Healthcare - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: YouTrack InCloud cves: cve-2021-4104: investigated: false @@ -33851,9 +69447,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -33866,14 +69463,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securityupdate.gehealthcare.com - notes: This advisory is not available at the time of this review, due to maintence - on the GE Healthcare website. + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Gearset - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: YouTrack Standalone cves: cve-2021-4104: investigated: false @@ -33881,9 +69477,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2021.4.35970 unaffected_versions: [] cve-2021-45046: investigated: false @@ -33896,13 +69493,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 + - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Genesys - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JFrog + product: All cves: cve-2021-4104: investigated: false @@ -33910,10 +69507,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33925,13 +69523,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability + - https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: GeoServer - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JGraph + product: DrawIO cves: cve-2021-4104: investigated: false @@ -33939,10 +69537,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -33954,13 +69553,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html + - https://github.com/jgraph/drawio/issues/2490 notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Gerrit code review - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitsi + product: jitsi-videobridge cves: cve-2021-4104: investigated: false @@ -33968,9 +69567,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v2.1-595-g3637fda42 unaffected_versions: [] cve-2021-45046: investigated: false @@ -33983,13 +69583,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html + - https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: GFI - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitterbit + product: All cves: cve-2021-4104: investigated: false @@ -34012,13 +69612,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + - https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Ghidra - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Johnson Controls + product: Athena cves: cve-2021-4104: investigated: false @@ -34026,10 +69626,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34041,13 +69642,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Gigamon - product: Fabric Manager + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: BCPro cves: cve-2021-4104: investigated: false @@ -34056,10 +69657,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <5.13.01.02 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34071,14 +69672,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.gigamon.com/gigamoncp/s/my-gigamon - notes: Updates available via the Gigamon Support Portal. This advisory available - to customers only and has not been reviewed by CISA. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: GitHub - product: GitHub + - vendor: Johnson Controls + product: CEM AC2000 cves: cve-2021-4104: investigated: false @@ -34088,9 +69688,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - GitHub.com and GitHub Enterprise Cloud - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34102,13 +69702,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: GitLab - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CEM Hardware Products cves: cve-2021-4104: investigated: false @@ -34116,10 +69716,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34131,13 +69732,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Globus - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CK721-A (P2000) cves: cve-2021-4104: investigated: false @@ -34145,10 +69746,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34160,13 +69762,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: GoAnywhere - product: Gateway + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CloudVue Gateway cves: cve-2021-4104: investigated: false @@ -34175,10 +69777,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.8.4 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34190,13 +69792,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: MFT + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CloudVue Web cves: cve-2021-4104: investigated: false @@ -34205,10 +69807,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 6.8.6 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34220,13 +69822,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: MFT Agents + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Connect24 cves: cve-2021-4104: investigated: false @@ -34235,10 +69837,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 1.6.5 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34250,13 +69852,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoCD - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Connected Equipment Gateway (CEG) cves: cve-2021-4104: investigated: false @@ -34264,10 +69866,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34279,13 +69882,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gocd.org/2021/12/14/log4j-vulnerability.html + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Google Cloud - product: Access Transparency + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE Client cves: cve-2021-4104: investigated: false @@ -34293,10 +69896,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34308,14 +69912,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Actifio + - vendor: Johnson Controls + product: C•CURE Server cves: cve-2021-4104: investigated: false @@ -34323,10 +69926,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34338,16 +69942,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and - has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) - for the full statement and to obtain the hotfix (available to Actifio customers - only). + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AI Platform Data Labeling + - vendor: Johnson Controls + product: C•CURE Web cves: cve-2021-4104: investigated: false @@ -34355,10 +69956,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34370,14 +69972,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AI Platform Neural Architecture Search (NAS) + - vendor: Johnson Controls + product: C•CURE-9000 cves: cve-2021-4104: investigated: false @@ -34385,10 +69986,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2.90.x + - 2.80.x + - 2.70.x + - 2.60.x cve-2021-45046: investigated: false affected_versions: [] @@ -34400,14 +70005,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AI Platform Training and Prediction + - vendor: Johnson Controls + product: DataSource cves: cve-2021-4104: investigated: false @@ -34415,10 +70019,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34430,14 +70035,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos + - vendor: Johnson Controls + product: DLS cves: cve-2021-4104: investigated: false @@ -34445,10 +70049,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -34460,17 +70065,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Anthos environments to identify components dependent on Log4j 2 and update them - to the latest version. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Config Management + - vendor: Johnson Controls + product: Entrapass cves: cve-2021-4104: investigated: false @@ -34478,10 +70079,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34493,14 +70095,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Connect + - vendor: Johnson Controls + product: exacqVision Client cves: cve-2021-4104: investigated: false @@ -34508,10 +70109,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34523,14 +70125,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Hub + - vendor: Johnson Controls + product: exacqVision Server cves: cve-2021-4104: investigated: false @@ -34538,10 +70139,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34553,14 +70155,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Identity Service + - vendor: Johnson Controls + product: exacqVision WebService cves: cve-2021-4104: investigated: false @@ -34568,10 +70169,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34583,14 +70185,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos on VMWare + - vendor: Johnson Controls + product: Facility Explorer cves: cve-2021-4104: investigated: false @@ -34598,10 +70199,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 14.x cve-2021-45046: investigated: false affected_versions: [] @@ -34613,18 +70215,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check - VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds - to their VMware products as they become available. We also recommend customers - review their respective applications and workloads affected by the same vulnerabilities - and apply appropriate patches. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Premium Software + - vendor: Johnson Controls + product: Illustra Cameras cves: cve-2021-4104: investigated: false @@ -34632,10 +70229,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34647,14 +70245,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Service Mesh + - vendor: Johnson Controls + product: Illustra Insight cves: cve-2021-4104: investigated: false @@ -34662,10 +70259,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34677,14 +70275,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Apigee + - vendor: Johnson Controls + product: iSTAR cves: cve-2021-4104: investigated: false @@ -34692,10 +70289,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34707,19 +70305,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not - used and therefore the VMs were not impacted by the issues in CVE-2021-44228 - and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. - It is possible that customers may have introduced custom resources that are - using vulnerable versions of Log4j. We strongly encourage customers who manage - Apigee environments to identify components dependent on Log4j and update them - to the latest version. Visit the Apigee Incident Report for more information. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Google Cloud - product: App Engine + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Kantech Entrapass cves: cve-2021-4104: investigated: false @@ -34727,10 +70319,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34742,17 +70335,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - App Engine environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AppSheet + - vendor: Johnson Controls + product: Metasys Products and Tools cves: cve-2021-4104: investigated: false @@ -34760,10 +70349,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -34775,17 +70365,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At - this time, we have identified no impact to core AppSheet functionality. Additionally, - we have patched one Java-based auxiliary service in our platform. We will continue - to monitor for affected services and patch or remediate as required. If you - have any questions or require assistance, contact AppSheet Support. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Artifact Registry + - vendor: Johnson Controls + product: OpenBlue Active Responder cves: cve-2021-4104: investigated: false @@ -34793,10 +70379,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34808,14 +70395,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Assured Workloads + - vendor: Johnson Controls + product: OpenBlue Bridge cves: cve-2021-4104: investigated: false @@ -34823,10 +70409,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34838,14 +70425,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML + - vendor: Johnson Controls + product: OpenBlue Chiller Utility Plant Optimizer cves: cve-2021-4104: investigated: false @@ -34853,10 +70439,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34868,14 +70455,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Natural Language + - vendor: Johnson Controls + product: OpenBlue Cloud cves: cve-2021-4104: investigated: false @@ -34883,10 +70469,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34898,14 +70485,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Tables + - vendor: Johnson Controls + product: OpenBlue Connected Chiller cves: cve-2021-4104: investigated: false @@ -34913,10 +70499,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34928,14 +70515,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Translation + - vendor: Johnson Controls + product: OpenBlue Enterprise Manager cves: cve-2021-4104: investigated: false @@ -34943,10 +70529,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34958,14 +70545,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Video + - vendor: Johnson Controls + product: OpenBlue Location Manager cves: cve-2021-4104: investigated: false @@ -34973,10 +70559,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34988,14 +70575,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Vision + - vendor: Johnson Controls + product: OpenBlue Risk Insight cves: cve-2021-4104: investigated: false @@ -35003,10 +70589,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35018,14 +70605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: BigQuery + - vendor: Johnson Controls + product: OpenBlue Twin cves: cve-2021-4104: investigated: false @@ -35033,10 +70619,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35048,14 +70635,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: BigQuery Data Transfer Service + - vendor: Johnson Controls + product: OpenBlue Workplace cves: cve-2021-4104: investigated: false @@ -35063,10 +70649,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35078,14 +70665,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: BigQuery Omni + - vendor: Johnson Controls + product: P2000 cves: cve-2021-4104: investigated: false @@ -35093,10 +70679,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35108,15 +70695,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: BigQuery Omni, which runs on AWS and Azure infrastructure, does not use - Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. - We continue to work with AWS and Azure to assess the situation. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Binary Authorization + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries NEO cves: cve-2021-4104: investigated: false @@ -35124,10 +70709,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35139,14 +70725,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Certificate Manager + - vendor: Johnson Controls + product: PowerSeries Pro cves: cve-2021-4104: investigated: false @@ -35154,10 +70739,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35169,14 +70755,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Chronicle + - vendor: Johnson Controls + product: Qolsys IQ Panels cves: cve-2021-4104: investigated: false @@ -35184,10 +70769,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35199,14 +70785,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Asset Inventory + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: RFID Overhead360 Backend cves: cve-2021-4104: investigated: false @@ -35214,9 +70799,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -35229,14 +70815,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Bigtable + - vendor: Johnson Controls + product: S321-IP (P2000) cves: cve-2021-4104: investigated: false @@ -35244,10 +70829,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35259,14 +70845,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Cloud Build + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Analytics (STaN) - Traffic cves: cve-2021-4104: investigated: false @@ -35274,10 +70859,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35289,17 +70875,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Build environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud CDN + - vendor: Johnson Controls + product: Shoppertrak Market Intelligence cves: cve-2021-4104: investigated: false @@ -35307,10 +70889,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35322,14 +70905,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Composer + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Perimeter Apps cves: cve-2021-4104: investigated: false @@ -35337,10 +70919,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35352,19 +70935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and - is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible - that customers may have imported or introduced other dependencies via DAGs, - installed PyPI modules, plugins, or other services that are using vulnerable - versions of Log4j 2. We strongly encourage customers, who manage Composer environments - to identify components dependent on Log4j 2 and update them to the latest version. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Google Cloud - product: Cloud Console App + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Shopper Journey cves: cve-2021-4104: investigated: false @@ -35372,10 +70949,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35387,14 +70965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Data Loss Prevention + - vendor: Johnson Controls + product: Shoppertrak Video Analytics cves: cve-2021-4104: investigated: false @@ -35402,10 +70979,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35417,14 +70995,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Debugger + - vendor: Johnson Controls + product: Sur‐Gard Receivers cves: cve-2021-4104: investigated: false @@ -35432,10 +71009,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35447,14 +71025,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Deployment Manager + - vendor: Johnson Controls + product: TrueVue Cloud cves: cve-2021-4104: investigated: false @@ -35462,10 +71039,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35477,14 +71055,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud DNS + - vendor: Johnson Controls + product: Tyco AI cves: cve-2021-4104: investigated: false @@ -35492,10 +71069,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -35507,14 +71085,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Endpoints + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor cves: cve-2021-4104: investigated: false @@ -35522,10 +71099,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 5.x cve-2021-45046: investigated: false affected_versions: [] @@ -35537,14 +71115,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud External Key Manager (EKM) + - vendor: Johnson Controls + product: victor/ C•CURE‐9000 Unified cves: cve-2021-4104: investigated: false @@ -35552,10 +71129,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 and 3.91.x / victor 5.6.1 / C•CURE‐9000 + 2.90 cve-2021-45046: investigated: false affected_versions: [] @@ -35567,14 +71146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Functions + - vendor: Johnson Controls + product: VideoEdge cves: cve-2021-4104: investigated: false @@ -35582,10 +71160,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 5.x cve-2021-45046: investigated: false affected_versions: [] @@ -35597,17 +71176,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Functions environments to identify components dependent on Log4j 2 and - update them to the latest version. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Hardware Security Module (HSM) + - vendor: Johnson Controls + product: Xaap cves: cve-2021-4104: investigated: false @@ -35615,10 +71190,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -35630,14 +71206,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Interconnect + - vendor: Journyx + product: All cves: cve-2021-4104: investigated: false @@ -35660,14 +71235,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Intrusion Detection System (IDS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: jPOS + product: (ISO-8583) bridge cves: cve-2021-4104: investigated: false @@ -35675,10 +71249,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35690,14 +71265,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Key Management Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jump Desktop + product: All cves: cve-2021-4104: investigated: false @@ -35720,14 +71294,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Load Balancing + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Advanced Threat Prevention (JATP) cves: cve-2021-4104: investigated: false @@ -35735,10 +71308,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35750,14 +71324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Logging + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: AppFormix cves: cve-2021-4104: investigated: false @@ -35765,10 +71338,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35780,14 +71354,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Natural Language API + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Apstra System cves: cve-2021-4104: investigated: false @@ -35795,10 +71368,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35810,14 +71384,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Network Address Translation (NAT) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Apstra System cves: cve-2021-4104: investigated: false @@ -35825,10 +71398,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35840,14 +71414,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Profiler + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Connectivity Services Director cves: cve-2021-4104: investigated: false @@ -35855,10 +71428,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35870,14 +71444,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Router + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Analytics cves: cve-2021-4104: investigated: false @@ -35885,10 +71458,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35900,14 +71474,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Run + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Cloud cves: cve-2021-4104: investigated: false @@ -35915,10 +71488,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35929,18 +71503,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Run environments to identify components dependent on Log4j 2 and update - them to the latest version. + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Run for Anthos + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Networking cves: cve-2021-4104: investigated: false @@ -35948,10 +71518,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35963,17 +71534,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Run for Anthos environments to identify components dependent on Log4j - 2 and update them to the latest version. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Scheduler + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Service Orchestration cves: cve-2021-4104: investigated: false @@ -35981,10 +71548,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35996,14 +71564,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud SDK + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Cross Provisioning Platform cves: cve-2021-4104: investigated: false @@ -36011,7 +71578,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36026,14 +71593,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Shell + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: CTPOS and CTPView cves: cve-2021-4104: investigated: false @@ -36041,10 +71607,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36056,17 +71623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Shell environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Source Repositories + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: ICEAAA Manager cves: cve-2021-4104: investigated: false @@ -36074,10 +71637,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36089,14 +71653,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Spanner + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: JATP Cloud cves: cve-2021-4104: investigated: false @@ -36104,10 +71667,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36119,14 +71683,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Cloud SQL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Identity Management Services (JIMS) cves: cve-2021-4104: investigated: false @@ -36134,7 +71697,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36149,14 +71712,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Cloud Storage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Mist Edge cves: cve-2021-4104: investigated: false @@ -36164,10 +71726,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36179,14 +71742,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Tasks + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Sky Enterprise cves: cve-2021-4104: investigated: false @@ -36194,10 +71756,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36209,14 +71772,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Trace + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos OS cves: cve-2021-4104: investigated: false @@ -36224,10 +71786,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36239,14 +71802,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Traffic Director + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos OS Evolved cves: cve-2021-4104: investigated: false @@ -36254,10 +71816,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36269,14 +71832,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Translation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos Space Network Management Platform cves: cve-2021-4104: investigated: false @@ -36284,8 +71846,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -36299,14 +71862,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Vision + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Marvis Virtual Network Assistant (VNA) cves: cve-2021-4104: investigated: false @@ -36314,10 +71876,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36329,14 +71892,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Vision OCR On-Prem + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Mist AI cves: cve-2021-4104: investigated: false @@ -36344,10 +71906,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36359,14 +71922,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud VPN + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Wi-Fi Assurance cves: cve-2021-4104: investigated: false @@ -36374,10 +71936,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36389,14 +71952,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: CompilerWorks + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Wired Assurance cves: cve-2021-4104: investigated: false @@ -36404,10 +71966,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36419,14 +71982,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Compute Engine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Mist Access Points cves: cve-2021-4104: investigated: false @@ -36434,10 +71996,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Any version on AP12, AP21, AP32, AP33, AP34, AP41, AP43, AP45, AP61, AP63 cve-2021-45046: investigated: false affected_versions: [] @@ -36449,16 +72012,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Compute Engine does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, - we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes - to Google Cloud VMware Engine as they become available. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Contact Center AI (CCAI) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Network Director cves: cve-2021-4104: investigated: false @@ -36466,10 +72026,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36481,14 +72042,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Contact Center AI Insights + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Northstar Controller cves: cve-2021-4104: investigated: false @@ -36496,8 +72056,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -36511,14 +72072,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Container Registry + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Northstar Planner cves: cve-2021-4104: investigated: false @@ -36526,7 +72086,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36541,14 +72101,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Data Catalog + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Insights cves: cve-2021-4104: investigated: false @@ -36556,8 +72115,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -36571,16 +72131,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 - and CVE-2021-45046. We strongly encourage customers who introduced their own - connectors to identify dependencies on Log4j 2 and update them to the latest - version. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Data Fusion + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Pathfinder cves: cve-2021-4104: investigated: false @@ -36588,8 +72145,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -36603,17 +72161,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Data Fusion does not use Log4j 2, but uses Dataproc as one of the options - to execute pipelines. Dataproc released new images on December 18, 2021 to address - the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow - instructions in a notification sent on December 18, 2021 with the subject line - “Important information about Data Fusion.” + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Database Migration Service (DMS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Planner cves: cve-2021-4104: investigated: false @@ -36621,8 +72175,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -36636,14 +72191,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Dataflow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Policy Enforcer cves: cve-2021-4104: investigated: false @@ -36651,10 +72205,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36666,18 +72221,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: 'Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 - and CVE-2021-45046. If you have changed dependencies or default behavior, it - is strongly recommended you verify there is no dependency on vulnerable versions - Log4j 2. Customers have been provided details and instructions in a notification - sent on December 17, 2021 with the subject line “Update #1 to Important information - about Dataflow.”' + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Google Cloud - product: Dataproc + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Products using Wind River Linux in Junos OS and Junos OS Evolved cves: cve-2021-4104: investigated: false @@ -36685,10 +72235,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36700,16 +72251,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Dataproc released new images on December 18, 2021 to address the vulnerabilities - in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions - in notifications sent on December 18, 2021 with the subject line “Important - information about Dataproc” with Dataproc documentation. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Dataproc Metastore + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: ScreenOS cves: cve-2021-4104: investigated: false @@ -36717,10 +72265,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36732,17 +72281,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Dataproc Metastore has been updated to mitigate the issues identified in - CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent - two notifications with instructions on December 17, 2021 with the subject line - “Important information regarding Log4j 2 vulnerability in your gRPC-enabled - Dataproc Metastore.” + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Datastore + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: SecIntel cves: cve-2021-4104: investigated: false @@ -36750,10 +72295,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36765,14 +72311,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Datastream + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Secure Analytics cves: cve-2021-4104: investigated: false @@ -36780,7 +72325,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36795,14 +72340,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Dialogflow Essentials (ES) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Security Director cves: cve-2021-4104: investigated: false @@ -36810,10 +72354,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36825,14 +72370,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Document AI + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Security Director Insights cves: cve-2021-4104: investigated: false @@ -36840,10 +72384,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36855,14 +72400,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Event Threat Detection + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Session Smart Router (Formerly 128T) cves: cve-2021-4104: investigated: false @@ -36870,10 +72414,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36885,14 +72430,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Eventarc + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Space SDK cves: cve-2021-4104: investigated: false @@ -36900,10 +72444,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36915,14 +72460,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Filestore + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Standalone Log Collector 20.1 (as also used by Space Security Director) cves: cve-2021-4104: investigated: false @@ -36930,10 +72474,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36945,16 +72490,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Log4j 2 is contained within the Filestore service; there is a technical - control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. - Log4j 2 will be updated to the latest version as part of the scheduled rollout - in January 2022. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Firebase + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: User Engagement Virtual BLE cves: cve-2021-4104: investigated: false @@ -36962,10 +72504,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36977,14 +72520,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Firestore + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Justice Systems + product: All cves: cve-2021-4104: investigated: false @@ -37007,14 +72549,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.justicesystems.com/services/support/ + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Game Servers + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: K15t + product: All cves: cve-2021-4104: investigated: false @@ -37037,14 +72578,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://help.k15t.com/k15t-apps-and-log4shell-193401141.html + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Google Cloud Armor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: K6 + product: All cves: cve-2021-4104: investigated: false @@ -37067,14 +72607,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Google Cloud Armor Managed Protection Plus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience cves: cve-2021-4104: investigated: false @@ -37082,9 +72621,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v3900.28.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -37097,14 +72637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Google Cloud VMware Engine + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting cves: cve-2021-4104: investigated: false @@ -37112,9 +72651,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v3900.26.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -37127,14 +72667,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: We are working with VMware and tracking VMSA-2021-0028.1. We will deploy - fixes as they become available. + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' references: - '' - last_updated: '2021-12-11T00:00:00' - - vendor: Google Cloud - product: Google Kubernetes Engine + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Karakun + product: All cves: cve-2021-4104: investigated: false @@ -37157,17 +72696,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Google Kubernetes Engine does not use Log4j 2 and is not impacted by the - issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have - introduced a separate logging solution that uses Log4j 2. We strongly encourage - customers who manage Google Kubernetes Engine environments to identify components - dependent on Log4j 2 and update them to the latest version. + - https://board.karakun.com/viewtopic.php?f=21&t=8351 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Healthcare Data Engine (HDE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaseya + product: AuthAnvil cves: cve-2021-4104: investigated: false @@ -37175,10 +72710,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37190,14 +72726,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Human-in-the-Loop AI + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS cves: cve-2021-4104: investigated: false @@ -37205,10 +72740,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37220,14 +72756,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: IoT Core + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID cves: cve-2021-4104: investigated: false @@ -37235,10 +72770,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37250,14 +72786,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Key Access Justifications (KAJ) + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue cves: cve-2021-4104: investigated: false @@ -37265,10 +72800,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37280,14 +72816,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Looker + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue cves: cve-2021-4104: investigated: false @@ -37295,10 +72830,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37310,21 +72846,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. - Looker is currently working with third-party driver vendors to evaluate the - impact of the Log4j vulnerability. As Looker does not enable logging for these - drivers in Looker-hosted instances, no messages are logged. We conclude that - the vulnerability is mitigated. We continue to actively work with the vendors - to deploy a fix for these drivers. Looker customers who self-manage their Looker - instances have received instructions through their technical contacts on how - to take the necessary steps to address the vulnerability. Looker customers who - have questions or require assistance, please visit Looker Support. + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: Google Cloud - product: Media Translation API + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue cves: cve-2021-4104: investigated: false @@ -37332,10 +72860,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37347,14 +72876,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Memorystore + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly cves: cve-2021-4104: investigated: false @@ -37362,10 +72890,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37377,14 +72906,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Migrate for Anthos + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber cves: cve-2021-4104: investigated: false @@ -37392,10 +72920,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37407,14 +72936,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Migrate for Compute Engine (M4CE) + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup cves: cve-2021-4104: investigated: false @@ -37422,10 +72950,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37437,17 +72966,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: M4CE has been updated to mitigate the issues identified in CVE-2021-44228 - and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. - A notification was sent to customers on December 17, 2021 with subject line - “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 - or below. If you are on M4CE v5.0 or above, no action is needed. + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Network Connectivity Center + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup cves: cve-2021-4104: investigated: false @@ -37455,10 +72980,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37470,14 +72996,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Network Intelligence Center + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends cves: cve-2021-4104: investigated: false @@ -37485,10 +73010,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37500,14 +73026,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Network Service Tiers + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Vorex cves: cve-2021-4104: investigated: false @@ -37515,10 +73040,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37530,14 +73056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Persistent Disk + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: VSA SaaS and VSA On-Premises cves: cve-2021-4104: investigated: false @@ -37545,10 +73070,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37560,14 +73086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Pub/Sub + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: KeePass + product: All cves: cve-2021-4104: investigated: false @@ -37575,10 +73100,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -37590,14 +73116,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Google Cloud - product: Pub/Sub Lite + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keeper + product: All cves: cve-2021-4104: investigated: false @@ -37605,9 +73130,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -37620,17 +73146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Pub/Sub Lite environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/ + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Google Cloud - product: reCAPTCHA Enterprise + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kemp + product: All cves: cve-2021-4104: investigated: false @@ -37653,14 +73175,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit + notes: '' references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Recommendations AI + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keycloak + product: All cves: cve-2021-4104: investigated: false @@ -37668,10 +73189,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -37683,14 +73205,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://github.com/keycloak/keycloak/discussions/9078 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Retail Search + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Capture cves: cve-2021-4104: investigated: false @@ -37698,10 +73219,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -37713,14 +73235,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Risk Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Communication Manager cves: cve-2021-4104: investigated: false @@ -37728,9 +73249,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.3 - 5.5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -37743,14 +73265,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Secret Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robot File System (RFS) cves: cve-2021-4104: investigated: false @@ -37758,9 +73279,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>=10.7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -37773,14 +73295,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Security Command Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robotic Process Automation (RPA) cves: cve-2021-4104: investigated: false @@ -37788,9 +73309,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '11.1' + - '11.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -37803,14 +73326,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Service Directory + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Konica Minolta + product: All cves: cve-2021-4104: investigated: false @@ -37833,14 +73355,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.konicaminolta.de/de-de/support/log4j + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Service Infrastructure + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kronos UKG + product: All cves: cve-2021-4104: investigated: false @@ -37863,14 +73384,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Speaker ID + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kyberna + product: All cves: cve-2021-4104: investigated: false @@ -37893,14 +73413,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.kyberna.com/detail/log4j-sicherheitsluecke + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Speech-to-Text + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: L-Soft + product: '' cves: cve-2021-4104: investigated: false @@ -37923,14 +73442,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - http://www.lsoft.com/news/log4jinfo.asp + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Speech-to-Text On-Prem + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: L3Harris Geospatial + product: '' cves: cve-2021-4104: investigated: false @@ -37953,14 +73471,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Storage Transfer Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lancom Systems + product: '' cves: cve-2021-4104: investigated: false @@ -37983,14 +73500,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.lancom-systems.com/service-support/instant-help/general-security-information/ + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Talent Solution + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lansweeper + product: '' cves: cve-2021-4104: investigated: false @@ -38013,14 +73529,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.lansweeper.com/vulnerability/critical-log4j-vulnerability-affects-millions-of-applications/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Text-to-Speech + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Laserfiche + product: '' cves: cve-2021-4104: investigated: false @@ -38043,14 +73558,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://answers.laserfiche.com/questions/194037/Do-any-Laserfiche-products-use-the-Apache-log4j-library#194038 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Transcoder API + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LastPass + product: '' cves: cve-2021-4104: investigated: false @@ -38073,14 +73587,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.logmeininc.com/lastpass/help/log4j-vulnerability-faq-for-lastpass-universal-proxy + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Transfer Appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LaunchDarkly + product: '' cves: cve-2021-4104: investigated: false @@ -38103,14 +73616,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://launchdarkly.com/blog/audit-shows-systems-unaffected-by-log4j/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Video Intelligence API + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Leanix + product: '' cves: cve-2021-4104: investigated: false @@ -38133,14 +73645,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.leanix.net/en/blog/log4j-vulnerability-log4shell + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Virtual Private Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio AT2 cves: cve-2021-4104: investigated: false @@ -38163,14 +73674,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.leicabiosystems.com/about/product-security/ + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Web Security Scanner + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio AT2 DX cves: cve-2021-4104: investigated: false @@ -38193,14 +73703,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.leicabiosystems.com/about/product-security/ + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Workflows + - vendor: Leica BIOSYSTEMS + product: Aperio CS2 cves: cve-2021-4104: investigated: false @@ -38223,14 +73732,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.leicabiosystems.com/about/product-security/ + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google - product: Chrome + - vendor: Leica BIOSYSTEMS + product: Aperio eSlide Manager cves: cve-2021-4104: investigated: false @@ -38238,12 +73746,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -38253,14 +73761,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html - notes: Chrome Browser releases, infrastructure and admin console are not using - versions of Log4j affected by the vulnerability. + - https://www.leicabiosystems.com/about/product-security/ + notes: '' references: - '' - last_updated: '2022-01-14' - - vendor: Gradle - product: Gradle + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio GT 450 cves: cve-2021-4104: investigated: false @@ -38283,13 +73790,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.gradle.org/log4j-vulnerability - notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. + - https://www.leicabiosystems.com/about/product-security/ + notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gradle - product: Gradle Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio GT 450 DX cves: cve-2021-4104: investigated: false @@ -38297,9 +73804,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 2021.3.6 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -38313,13 +73819,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.gradle.com/advisory/2021-11 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gradle - product: Gradle Enterprise Build Cache Node + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio ImageScope cves: cve-2021-4104: investigated: false @@ -38327,9 +73833,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 10.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -38343,13 +73848,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.gradle.com/advisory/2021-11 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gradle - product: Gradle Enterprise Test Distribution Agent + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio ImageScope DX cves: cve-2021-4104: investigated: false @@ -38357,9 +73862,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 1.6.2 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -38373,13 +73877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.gradle.com/advisory/2021-11 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Grafana - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio LV1 cves: cve-2021-4104: investigated: false @@ -38402,13 +73906,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/ + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Grandstream - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio SAM DX Server For GT 450 DX cves: cve-2021-4104: investigated: false @@ -38431,13 +73935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee.io - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio Scanner Administration Manager (SAM) Server for GT 450 cves: cve-2021-4104: investigated: false @@ -38460,13 +73964,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee - product: Access Management + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio VERSA cves: cve-2021-4104: investigated: false @@ -38474,41 +73978,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 3.10.x - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee - product: Access Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -38520,13 +73993,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee - product: Alert Engine + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio WebViewer DX cves: cve-2021-4104: investigated: false @@ -38534,41 +74007,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 1.5.x - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee - product: Alert Engine - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -38580,13 +74022,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee - product: API Management + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND Controller cves: cve-2021-4104: investigated: false @@ -38594,11 +74036,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 3.10.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -38610,13 +74051,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee - product: API Management + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND RX cves: cve-2021-4104: investigated: false @@ -38624,11 +74065,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 3.5.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -38640,13 +74080,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee - product: Cockpit + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND RXm cves: cve-2021-4104: investigated: false @@ -38654,11 +74094,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.4.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -38670,13 +74109,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravwell - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND-ADVANCE cves: cve-2021-4104: investigated: false @@ -38699,13 +74138,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Graylog - product: Graylog Server + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND-III cves: cve-2021-4104: investigated: false @@ -38713,9 +74152,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions >= 1.2.0 and <= 4.2.2 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -38729,13 +74167,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.graylog.org/post/graylog-update-for-log4j + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: GreenShot - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND-MAX cves: cve-2021-4104: investigated: false @@ -38758,13 +74196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://greenshot.atlassian.net/browse/BUG-2871 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: GSA - product: Cloud.gov + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: CEREBRO cves: cve-2021-4104: investigated: false @@ -38787,13 +74225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.gov/2021/12/14/log4j-buildpack-updates/ + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Guidewire - product: '' + - vendor: Leica BIOSYSTEMS + product: CytoVision cves: cve-2021-4104: investigated: false @@ -38816,13 +74254,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HAProxy - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore PEARL cves: cve-2021-4104: investigated: false @@ -38845,13 +74283,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.haproxy.com/blog/december-2021-log4shell-mitigation/ + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HarmanPro AMX - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore PEGASUS cves: cve-2021-4104: investigated: false @@ -38874,13 +74312,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.harmanpro.com/apache-log4j-vulnerability + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HashiCorp - product: Boundary + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore SPECTRA CV cves: cve-2021-4104: investigated: false @@ -38903,13 +74341,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HashiCorp - product: Consul + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore SPECTRA ST cves: cve-2021-4104: investigated: false @@ -38932,13 +74370,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HashiCorp - product: Consul Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore SPIRIT ST cves: cve-2021-4104: investigated: false @@ -38961,13 +74399,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HashiCorp - product: Nomad + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore SPRING ST cves: cve-2021-4104: investigated: false @@ -38990,13 +74428,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HashiCorp - product: Nomad Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ASP300S cves: cve-2021-4104: investigated: false @@ -39019,13 +74457,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HashiCorp - product: Packer + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica CV5030 cves: cve-2021-4104: investigated: false @@ -39048,13 +74486,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HashiCorp - product: Terraform + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ST4020 cves: cve-2021-4104: investigated: false @@ -39077,13 +74515,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HashiCorp - product: Terraform Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ST5010 cves: cve-2021-4104: investigated: false @@ -39106,13 +74544,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HashiCorp - product: Vagrant + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ST5020 cves: cve-2021-4104: investigated: false @@ -39135,13 +74573,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HashiCorp - product: Vault + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica TP1020 cves: cve-2021-4104: investigated: false @@ -39164,13 +74602,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HashiCorp - product: Vault Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: LIS Connect cves: cve-2021-4104: investigated: false @@ -39193,13 +74631,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HashiCorp - product: Waypoint + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: PathDX cves: cve-2021-4104: investigated: false @@ -39222,13 +74660,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HCL Software - product: BigFix Compliance + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: ThermoBrite Elite cves: cve-2021-4104: investigated: false @@ -39236,11 +74674,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39252,13 +74689,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://www.leicabiosystems.com/about/product-security/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Insights + last_updated: '2021-12-21T00:00:00' + - vendor: Lenovo + product: BIOS/UEFI cves: cve-2021-4104: investigated: false @@ -39266,11 +74703,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39282,13 +74718,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Insights for Vulnerability Remediation + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Chassis Management Module 2 (CMM) cves: cve-2021-4104: investigated: false @@ -39296,11 +74732,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39312,13 +74747,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Inventory + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Commercial Vantage cves: cve-2021-4104: investigated: false @@ -39326,10 +74761,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 10.0.7 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -39342,13 +74776,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Lifecycle + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Confluent cves: cve-2021-4104: investigated: false @@ -39356,11 +74790,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39372,13 +74805,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Mobile + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: DSS-G cves: cve-2021-4104: investigated: false @@ -39386,11 +74819,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39402,13 +74834,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Patch + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Embedded System Management Java-based KVM clients cves: cve-2021-4104: investigated: false @@ -39416,11 +74848,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39432,13 +74863,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HelpSystems Clearswift - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Fan Power Controller (FPC) cves: cve-2021-4104: investigated: false @@ -39461,13 +74892,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HENIX - product: Squash TM + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Fan Power Controller2 (FPC2) cves: cve-2021-4104: investigated: false @@ -39475,12 +74906,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 1.21.7 - 1.22.9 - - 2.0.3 - 2.1.5 - - 2.2.0 - 3.0.2 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -39493,13 +74921,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Hexagon - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Integrated Management Module II (IMM2) cves: cve-2021-4104: investigated: false @@ -39522,13 +74950,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Hikvision - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: NetApp ONTAP Tools for VMware vSphere cves: cve-2021-4104: investigated: false @@ -39551,13 +74979,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf - notes: '' + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: See [NetApp](https://security.netapp.com/advisory/ntap-20211210-0007/) + advisory. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Hitachi Energy - product: 3rd party - Elastic Search, Kibana + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: 'Network Switches running: Lenovo CNOS, Lenovo ENOS, IBM ENOS, or Brocade + FOS' cves: cve-2021-4104: investigated: false @@ -39565,10 +74995,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Elasticsearch 5.0.0+ + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -39581,14 +75010,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: Set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node - of the cluster. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: 3rd party - Oracle Database Components + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Storage Management utilities cves: cve-2021-4104: investigated: false @@ -39596,12 +75024,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '12.1' - - '12.2' - - 19c + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -39614,15 +75039,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: As this is a third-party component, a separate patch management report - will be provided to customers with the steps to apply the Oracle provided patches - for these components. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Axis + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: System Management Module (SMM) cves: cve-2021-4104: investigated: false @@ -39630,10 +75053,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '3.6' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -39646,14 +75068,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. Axis is a fully SaaS hosted solution - and the environment has been patched per the recommendations + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Counterparty Settlement and Billing (CSB) + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: System Management Module 2 (SMM2) cves: cve-2021-4104: investigated: false @@ -39661,10 +75082,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - v6 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -39677,13 +75097,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: e-Mesh Monitor + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: System Update cves: cve-2021-4104: investigated: false @@ -39706,16 +75126,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No end-user action needed. The affected e-Mesh Monitor part is at the cloud - offering side of which the remediation is handled by Hitachi Energy team. Remediation - is currently ongoing, and during this time period, e-Mesh Monitor edge device - is not able to upload data to cloud. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: eSOMS + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Thin Installer cves: cve-2021-4104: investigated: false @@ -39738,13 +75155,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hitachienergy.com/offering/solutions/cybersecurity/alerts-and-notifications + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Hitachi Energy - product: FOXMAN-UN + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkAgile HX cves: cve-2021-4104: investigated: false @@ -39752,13 +75169,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - R15A - - R14B - - R14A - - R11B SP1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -39771,16 +75184,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. . For - details on how to apply such patch, please refer to the technical bulletin “FOXMAN-UN - - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi - Energy Customer Connect Portal. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: Nutanix and VMware components only; hardware not affected. See [Nutanix](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) + and [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) + advisories. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: FOXMAN-UN + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkAgile VX cves: cve-2021-4104: investigated: false @@ -39788,10 +75200,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - R11A and R10 series + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -39804,14 +75215,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: Apply General Mitigations and upgrade to latest version. For upgrades, - please get in touch with your Hitachi Energy contacts. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: VMware components only; hardware not affected. See [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) + advisory. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Lumada APM On-premises + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem 2x1x16 Digital KVM Switch - Type 1754D1T cves: cve-2021-4104: investigated: false @@ -39834,13 +75245,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions for various versions. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Lumada APM SaaS offering + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem DE Series Storage cves: cve-2021-4104: investigated: false @@ -39863,14 +75274,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. The SaaS offering has been patched - per the recommendations. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: See also NetApp advisory. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Lumada EAM / FSM + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem DM Series Storage cves: cve-2021-4104: investigated: false @@ -39878,12 +75288,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - v1.7.x - - v1.8.x - - v1.9.x + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -39896,13 +75303,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See Section Mitigation Strategy in vendor advisory. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: See also NetApp advisory. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: MMS Internal facing subcomponent. + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem DS Series Storage cves: cve-2021-4104: investigated: false @@ -39925,13 +75332,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Network Manager ADMS Network Model Server + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem Manager (TSM) cves: cve-2021-4104: investigated: false @@ -39939,10 +75346,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 9.1.0.32 - 9.1.0.44 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -39955,13 +75361,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions on mitigation steps. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Network Manager Outage Management Interface (CMI) + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Update Retriever cves: cve-2021-4104: investigated: false @@ -39969,12 +75375,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 9.0 - 9.10.44 - - 9.1.1 - - 10.3.4 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -39987,13 +75390,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions on mitigation steps. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: nMarket Global I-SEM + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Vantage cves: cve-2021-4104: investigated: false @@ -40001,11 +75404,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 3.7.15 - - 3.7.16 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -40018,13 +75419,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: RelCare + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Administrator (LXCA) cves: cve-2021-4104: investigated: false @@ -40032,10 +75433,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 2.0.0 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -40048,14 +75448,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. The RelCare SaaS hosted solution and - the on-premises have been patched per the recommendations. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: UNEM + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Controller (XCC) cves: cve-2021-4104: investigated: false @@ -40063,13 +75462,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - R15A - - R14B - - R14A - - R11B SP1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -40082,16 +75477,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. For details - on how to apply such patch, please refer to the technical bulletin “UNEM - Installation - of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer - Connect Portal. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: UNEM + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Energy Manager (LXEM) cves: cve-2021-4104: investigated: false @@ -40099,10 +75491,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - R11A and R10 series + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -40115,14 +75506,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: Apply General Mitigations and upgrade to latest version. For upgrades, - please get in touch with your Hitachi Energy contacts. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Vantara - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Essentials (LXCE) cves: cve-2021-4104: investigated: false @@ -40145,13 +75535,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HMS Industrial Networks AB - product: Cosy, Flexy and Ewon CD + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Microsoft Azure Log Analytics cves: cve-2021-4104: investigated: false @@ -40174,13 +75564,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: eCatcher Mobile applications + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Microsoft System Center cves: cve-2021-4104: investigated: false @@ -40203,13 +75593,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: eCatcher Windows software + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Nagios cves: cve-2021-4104: investigated: false @@ -40232,13 +75622,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: Netbiter Hardware including EC, WS, and LC + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for ServiceNow cves: cve-2021-4104: investigated: false @@ -40261,13 +75651,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: Talk2M including M2Web + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for VMware vCenter cves: cve-2021-4104: investigated: false @@ -40290,13 +75680,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HOLOGIC - product: Advanced Workflow Manager (AWM) + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Windows Admin Center cves: cve-2021-4104: investigated: false @@ -40319,15 +75709,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Affirm Prone Biopsy System + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Mobile (LXCM) cves: cve-2021-4104: investigated: false @@ -40350,13 +75738,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Brevera Breast Biopsy System + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Orchestrator (LXCO) cves: cve-2021-4104: investigated: false @@ -40379,13 +75767,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Cenova Image Analytics Server + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Provisioning Manager (LXPM) cves: cve-2021-4104: investigated: false @@ -40408,13 +75796,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Dimensions / 3Dimensions Mammography System + last_updated: '2021-12-14T00:00:00' + - vendor: LeoStream + product: '' cves: cve-2021-4104: investigated: false @@ -40437,13 +75825,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://support.leostream.com/support/discussions/topics/66000507567 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Discovery Bone Densitometer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Let's Encrypt + product: '' cves: cve-2021-4104: investigated: false @@ -40466,13 +75854,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://community.letsencrypt.org/t/log4j-vulnerability-cve-2021-44228/167464 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron CT Specimen Radiography System + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LibreNMS + product: '' cves: cve-2021-4104: investigated: false @@ -40495,16 +75883,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, there is - a utility program installed that may utilize Java and Log4J. This utility program - does not run on startup and is not required for system operation. Please contact - Hologic Service for assistance in removing this program. + - https://community.librenms.org/t/is-librenms-affected-by-vulnerable-to-cve-2021-25218-cve-2021-44228/17675/6 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron Specimen Radiography Systems + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LifeRay + product: '' cves: cve-2021-4104: investigated: false @@ -40527,13 +75912,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://liferay.dev/blogs/-/blogs/log4j2-zero-day-vulnerability notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Fluoroscan Insight Mini C-Arm + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LifeSize + product: '' cves: cve-2021-4104: investigated: false @@ -40556,13 +75941,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://community.lifesize.com/s/article/Apache-Log4j2-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Horizon DXA Bone Densitometer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lightbend + product: '' cves: cve-2021-4104: investigated: false @@ -40585,13 +75970,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Rosetta DC Tomosynthesis Data Converter + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lime CRM + product: '' cves: cve-2021-4104: investigated: false @@ -40614,13 +75999,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://docs.lime-crm.com/security/lcsec21-01 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurView DX Workstation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LIONGARD + product: '' cves: cve-2021-4104: investigated: false @@ -40643,13 +76028,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://insights.liongard.com/faq-apache-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurXChange Router + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LiquidFiles + product: '' cves: cve-2021-4104: investigated: false @@ -40672,13 +76057,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://mailchi.mp/liquidfiles/liquidfiles-log4j?e=%5BUNIQID%5D notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LiveAction + product: '' cves: cve-2021-4104: investigated: false @@ -40701,13 +76086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://documentation.liveaction.com/LiveNX/LiveNX%2021.5.1%20Release%20Notes/Release%20Notes%20LiveNX%2021.5.1.1.3 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Trident HD Specimen Radiography System + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Loftware + product: '' cves: cve-2021-4104: investigated: false @@ -40730,13 +76115,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://help.loftware.com/lps-kb/content/log4j%20cve-2021-44228.htm?Highlight=CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Unifi Workspace + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LOGalyze + product: SIEM & log analyzer tool cves: cve-2021-4104: investigated: false @@ -40744,8 +76129,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -40759,15 +76145,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://sourceforge.net/software/product/LOGalyze/ + notes: 'local-log4j-vuln-scanner result: indicator for vulnerable component found + in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j + 1.2.17' references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Windows Selenia Mammography System + - '[Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories)' + last_updated: '2021-12-17T00:00:00' + - vendor: LogiAnalytics + product: '' cves: cve-2021-4104: investigated: false @@ -40790,13 +76176,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228- notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Honeywell - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LogicMonitor + product: LogicMonitor Platform cves: cve-2021-4104: investigated: false @@ -40819,42 +76205,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability + - https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HPE - product: 3PAR StoreServ Arrays + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Logit.io + product: Logit.io Platform cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://logit.io/blog/post/logit-io-log4shell-security-update + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: AirWave Management Platform + last_updated: '2022-02-07T07:10:00+00:00' + - vendor: LogMeIn + product: '' cves: cve-2021-4104: investigated: false @@ -40877,13 +76264,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 6000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LogRhythm + product: '' cves: cve-2021-4104: investigated: false @@ -40906,13 +76293,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 9k + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Looker + product: Looker cves: cve-2021-4104: investigated: false @@ -40920,8 +76307,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '21.0' + - '21.6' + - '21.12' + - '21.16' + - '21.18' + - '21.20' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -40935,13 +76328,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Central + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LucaNet + product: '' cves: cve-2021-4104: investigated: false @@ -40964,13 +76357,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.lucanet.com/en/blog/update-vulnerability-log4j + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lucee + product: '' cves: cve-2021-4104: investigated: false @@ -40993,13 +76386,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://dev.lucee.org/t/lucee-is-not-affected-by-the-log4j-jndi-exploit-cve-2021-44228/9331/4 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lyrasis + product: Fedora Repository cves: cve-2021-4104: investigated: false @@ -41007,10 +76400,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.x + - 4.x + - 5.x + - 6.x cve-2021-45046: investigated: false affected_versions: [] @@ -41022,13 +76419,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://groups.google.com/g/fedora-tech/c/dQMQ5jaX8Xo + notes: Fedora Repository is unaffiliated with Fedora Linux. Uses logback and + explicitly excludes log4j. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Instant (IAP) + last_updated: '2021-12-14T00:00:00' + - vendor: MailStore + product: '' cves: cve-2021-4104: investigated: false @@ -41051,13 +76449,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Location Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Maltego + product: '' cves: cve-2021-4104: investigated: false @@ -41080,13 +76478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba NetEdit + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ManageEngine + product: AD SelfService Plus cves: cve-2021-4104: investigated: false @@ -41094,10 +76492,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Build 6.1 build 6114 cve-2021-45046: investigated: false affected_versions: [] @@ -41108,14 +76507,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba PVOS Switches + last_updated: '2021-12-27T00:00:00' + - vendor: ManageEngine + product: Servicedesk Plus cves: cve-2021-4104: investigated: false @@ -41123,8 +76521,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 11305 and below fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -41138,13 +76537,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.manageengine.com/products/service-desk/security-response-plan.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba SDN VAN Controller + last_updated: '2021-12-15T00:00:00' + - vendor: ManageEngine Zoho + product: '' cves: cve-2021-4104: investigated: false @@ -41167,13 +76566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba User Experience Insight (UXI) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ManageEngine Zoho + product: ADAudit Plus cves: cve-2021-4104: investigated: false @@ -41196,13 +76595,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba VIA Client + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: ADManager Plus cves: cve-2021-4104: investigated: false @@ -41225,13 +76624,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS SD-WAN Controllers and Gateways + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Analytics Plus cves: cve-2021-4104: investigated: false @@ -41254,13 +76653,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS Wi-Fi Controllers and Gateways + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Cloud Security Plus cves: cve-2021-4104: investigated: false @@ -41283,13 +76682,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-CX switches + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: DataSecurity Plus cves: cve-2021-4104: investigated: false @@ -41312,13 +76711,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-S switches + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: EventLog Analyzer cves: cve-2021-4104: investigated: false @@ -41341,13 +76740,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: BladeSystem Onboard Administrator + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Exchange Reporter Plus cves: cve-2021-4104: investigated: false @@ -41370,13 +76769,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Log360 cves: cve-2021-4104: investigated: false @@ -41399,13 +76798,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Log360 UEBA cves: cve-2021-4104: investigated: false @@ -41428,13 +76827,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: M365 Manager Plus cves: cve-2021-4104: investigated: false @@ -41457,13 +76856,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade Network Advisor + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: M365 Security Plus cves: cve-2021-4104: investigated: false @@ -41486,42 +76885,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' - references: - - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: CloudAuth - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: CloudPhysics + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: RecoveryManager Plus cves: cve-2021-4104: investigated: false @@ -41544,13 +76914,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Compute Cloud Console + last_updated: '2021-12-16T00:00:00' + - vendor: MariaDB + product: '' cves: cve-2021-4104: investigated: false @@ -41573,13 +76943,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Compute operations manager- FW UPDATE SERVICE + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MathWorks + product: All MathWorks general release desktop or server products cves: cve-2021-4104: investigated: false @@ -41587,7 +76957,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -41602,13 +76972,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: COS (Cray Operating System) + last_updated: '2022-01-18T00:00:00' + - vendor: MathWorks + product: MATLAB cves: cve-2021-4104: investigated: false @@ -41616,10 +76986,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -41631,13 +77002,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Cray Systems Management (CSM) + last_updated: '2022-01-18T00:00:00' + - vendor: Matillion + product: Matillion ETL cves: cve-2021-4104: investigated: false @@ -41645,9 +77016,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.59.10+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -41660,13 +77032,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://documentation.matillion.com/docs/security-advisory-14th-december-2021 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Custom SPP Portal [Link](https://spp.hpe.com/custom) + last_updated: '2022-11-01T00:00:00' + - vendor: Matomo + product: '' cves: cve-2021-4104: investigated: false @@ -41689,13 +77061,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Data Services Cloud Console + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mattermost FocalBoard + product: '' cves: cve-2021-4104: investigated: false @@ -41718,13 +77090,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://forum.mattermost.org/t/log4j-vulnerability-concern/12676 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Harmony Data Platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: McAfee + product: Data Exchange Layer (DXL) Client cves: cve-2021-4104: investigated: false @@ -41746,14 +77118,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HOP public services (grafana, vault, rancher, Jenkins) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Discover cves: cve-2021-4104: investigated: false @@ -41775,14 +77146,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN2600B SAN Extension Switch + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Endpoint for Mac cves: cve-2021-4104: investigated: false @@ -41804,14 +77174,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN4000B SAN Extension Switch + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Endpoint for Windows cves: cve-2021-4104: investigated: false @@ -41833,14 +77202,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6000B Fibre Channel Switch + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Monitor cves: cve-2021-4104: investigated: false @@ -41862,14 +77230,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6500B Fibre Channel Switch + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Prevent cves: cve-2021-4104: investigated: false @@ -41891,14 +77258,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6600B Fibre Channel Switch + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Endpoint Security (ENS) for Linux cves: cve-2021-4104: investigated: false @@ -41920,14 +77286,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6650B Fibre Channel Switch + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Endpoint Security (ENS) for Mac cves: cve-2021-4104: investigated: false @@ -41949,14 +77314,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6700B Fibre Channel Switch + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Endpoint Security (ENS) for Windows cves: cve-2021-4104: investigated: false @@ -41978,14 +77342,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Customer Experience Assurance (CEA) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Enterprise Security Manager (ESM) cves: cve-2021-4104: investigated: false @@ -41993,9 +77356,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 11.5.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42008,13 +77372,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: ePolicy Orchestrator Agent Handlers (ePO-AH) cves: cve-2021-4104: investigated: false @@ -42036,14 +77400,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Home Location Register (HLR/I-HLR) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: ePolicy Orchestrator Application Server (ePO) cves: cve-2021-4104: investigated: false @@ -42051,9 +77414,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.10 CU11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42066,13 +77430,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Infosight for Servers + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Host Intrusion Prevention (Host IPS) cves: cve-2021-4104: investigated: false @@ -42094,14 +77458,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Integrated Home Subscriber Server (I-HSS) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Management of Native Encryption (MNE) cves: cve-2021-4104: investigated: false @@ -42123,14 +77486,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Intelligent Messaging (IM) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Active Response (MAR) cves: cve-2021-4104: investigated: false @@ -42152,14 +77514,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Intelligent Network Server (INS) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Agent (MA) cves: cve-2021-4104: investigated: false @@ -42181,14 +77542,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Multimedia Services Environment (MSE) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Application and Change Control (MACC) for Linux cves: cve-2021-4104: investigated: false @@ -42210,14 +77570,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Convergent Communications Platform (OCCP) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Application and Change Control (MACC) for Windows cves: cve-2021-4104: investigated: false @@ -42239,14 +77598,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Media Platform Media Resource Function (OCMP-MRF) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Client Proxy (MCP) for Mac cves: cve-2021-4104: investigated: false @@ -42268,14 +77626,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Service Access Controller (OC SAC) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Client Proxy (MCP) for Windows cves: cve-2021-4104: investigated: false @@ -42297,14 +77654,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Service Controller (OCSC) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Drive Encryption (MDE) cves: cve-2021-4104: investigated: false @@ -42326,14 +77682,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Universal Signaling Platform (OC-USP-M) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Security for Microsoft Exchange (MSME) cves: cve-2021-4104: investigated: false @@ -42355,14 +77710,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OneView + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Security for Microsoft Exchange (MSME) cves: cve-2021-4104: investigated: false @@ -42384,14 +77738,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE OneView for VMware vRealize Operations (vROps) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Security for Microsoft SharePoint (MSMS) cves: cve-2021-4104: investigated: false @@ -42413,14 +77766,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE OneView Global Dashboard + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Network Security Manager (NSM) cves: cve-2021-4104: investigated: false @@ -42442,14 +77794,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Performance Cluster Manager (HPCM) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Network Security Platform (NSP) cves: cve-2021-4104: investigated: false @@ -42471,14 +77822,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Performance Manager (PM) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Policy Auditor cves: cve-2021-4104: investigated: false @@ -42500,14 +77850,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Position Determination Entity (PDE) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Threat Intelligence Exchange (TIE) cves: cve-2021-4104: investigated: false @@ -42530,13 +77879,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + notes: Latest status in linked Security Bulletin references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Secure Identity Broker (SIB) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Web Gateway (MWG) cves: cve-2021-4104: investigated: false @@ -42559,13 +77908,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Activator (SA) + last_updated: '2021-12-20T00:00:00' + - vendor: Medtronic + product: '' cves: cve-2021-4104: investigated: false @@ -42588,13 +77937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://global.medtronic.com/xg-en/product-security/security-bulletins/log4j-vulnerabilities.html + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Governance Framework (SGF) + last_updated: '2021-12-21T00:00:00' + - vendor: MEINBERG + product: '' cves: cve-2021-4104: investigated: false @@ -42617,13 +77966,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Orchestration Manager (SOM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MEINBERG + product: LANTIME and microSync cves: cve-2021-4104: investigated: false @@ -42646,13 +77995,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Provisioner (SP) + last_updated: '2022-01-05T00:00:00' + - vendor: Meltano + product: Meltano cves: cve-2021-4104: investigated: false @@ -42675,13 +78024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://github.com/meltano/meltano + notes: Project is written in Python references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Short Message Point-to-Point Gateway (SMPP) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Memurai + product: '' cves: cve-2021-4104: investigated: false @@ -42704,13 +78053,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.memurai.com/blog/apache-log4j2-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Slingshot + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -42718,9 +78067,19 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.20' + - '10.30' + - '10.40' + - '10.50' + - '10.60' + - '10.70' + - '10.80' + - '10.90' + - '10.91' + - '11.00' unaffected_versions: [] cve-2021-45046: investigated: false @@ -42733,13 +78092,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://portal.microfocus.com/s/article/KM000003052 + notes: '' references: - - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Smart Interaction Server (SIS) + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-13T00:00:00' + - vendor: Microsoft + product: Azure API Gateway cves: cve-2021-4104: investigated: false @@ -42762,13 +78121,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE SN3000B Fibre Channel Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure Application Gateway cves: cve-2021-4104: investigated: false @@ -42791,13 +78150,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8000B 4-Slot SAN Director Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure Data lake store java cves: cve-2021-4104: investigated: false @@ -42805,10 +78164,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - < 2.3.10 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure Data lake store java + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 2.3.10 + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -42820,13 +78210,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8000B 8-Slot SAN Backbone Director Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure DevOps cves: cve-2021-4104: investigated: false @@ -42849,13 +78239,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8600B 4-Slot SAN Director Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure DevOps Server cves: cve-2021-4104: investigated: false @@ -42863,8 +78253,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2019.0 - 2020.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -42878,13 +78269,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8600B 8-Slot SAN Director Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure Traffic Manager cves: cve-2021-4104: investigated: false @@ -42907,13 +78298,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8700B 4-Slot Director Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Team Foundation Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2018.2+ + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microstrategy + product: '' cves: cve-2021-4104: investigated: false @@ -42936,13 +78357,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8700B 8-Slot Director Switch + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Midori Global + product: '' cves: cve-2021-4104: investigated: false @@ -42965,13 +78386,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.midori-global.com/blog/2021/12/15/cve-2021-44228-log4shell-midori-apps-are-not-affected + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Subscriber, Network, and Application Policy (SNAP) + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Mikrotik + product: '' cves: cve-2021-4104: investigated: false @@ -42994,13 +78415,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://forum.mikrotik.com/viewtopic.php?p=897938 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Subscription Manager (SM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Milestone sys + product: '' cves: cve-2021-4104: investigated: false @@ -43023,13 +78444,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://supportcommunity.milestonesys.com/s/article/Log4J-vulnerability-faq?language=en_US + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Synergy Image Streamer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mimecast + product: '' cves: cve-2021-4104: investigated: false @@ -43052,13 +78473,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://community.mimecast.com/s/article/Mimecast-Information-for-Customers-on-the-Log4Shell-Vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Systems Insight Manager (SIM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Minecraft + product: '' cves: cve-2021-4104: investigated: false @@ -43081,13 +78502,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Telecom Application Server (TAS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mirantis + product: '' cves: cve-2021-4104: investigated: false @@ -43110,13 +78531,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Unified Correlation and Automation (UCA) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Miro + product: '' cves: cve-2021-4104: investigated: false @@ -43139,13 +78560,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://miro.com/trust/updates/log4j/ + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Unified Mediation Bus (UMB) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mitel + product: '' cves: cve-2021-4104: investigated: false @@ -43168,13 +78589,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Unified OSS Console (UOC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MMM Group + product: Control software of all MMM series cves: cve-2021-4104: investigated: false @@ -43197,13 +78618,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Unified Topology Manager (UTM) + last_updated: '2022-01-05T00:00:00' + - vendor: MMM Group + product: RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server cves: cve-2021-4104: investigated: false @@ -43226,13 +78647,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Universal Identity Repository (VIR) + last_updated: '2022-01-05T00:00:00' + - vendor: MongoDB + product: All other components of MongoDB Atlas (including Atlas Database, Data + Lake, Charts) cves: cve-2021-4104: investigated: false @@ -43255,13 +78677,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Universal SLA Manager (uSLAM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Atlas Search cves: cve-2021-4104: investigated: false @@ -43284,13 +78706,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Virtual Connect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Community Edition (including Community Server, Cloud Manager, + Community Kubernetes Operators) cves: cve-2021-4104: investigated: false @@ -43313,13 +78736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Virtual Connect Enterprise Manager (VCEM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Drivers cves: cve-2021-4104: investigated: false @@ -43342,13 +78765,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Virtual Provisioning Gateway (vPGW) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, + Enterprise Kubernetes Operators) cves: cve-2021-4104: investigated: false @@ -43371,13 +78795,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Virtual Server Environment (VSE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Realm (including Realm Database, Sync, Functions, APIs) cves: cve-2021-4104: investigated: false @@ -43400,13 +78824,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Virtual Subscriber Data Management (vSDM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas + CLI, Database Connectors) cves: cve-2021-4104: investigated: false @@ -43429,13 +78854,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE WebRTC Gateway Controller (WGW) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Moodle + product: '' cves: cve-2021-4104: investigated: false @@ -43458,13 +78883,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://moodle.org/mod/forum/discuss.php?d=429966 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Wi-Fi Authentication Gateway (WauG) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MoogSoft + product: '' cves: cve-2021-4104: investigated: false @@ -43487,13 +78912,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Insight Cluster Management Utility (CMU) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Motorola Avigilon + product: '' cves: cve-2021-4104: investigated: false @@ -43516,42 +78941,45 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Integrated Lights-Out (iLO) Amplifier Pack + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Moxa + product: '' cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability + notes: Moxa is investigating to determine if any of our products are affected + by this vulnerability. At the time of publication, none of Moxa's products are + affected. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Integrated Lights-Out 4 (iLO 4) + last_updated: '2022-01-19T00:00:00' + - vendor: Mulesoft + product: '' cves: cve-2021-4104: investigated: false @@ -43559,11 +78987,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '4' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -43575,13 +79002,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Integrated Lights-Out 5 (iLO 5) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mulesoft + product: Anypoint Studio cves: cve-2021-4104: investigated: false @@ -43590,10 +79018,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 7.x fixed_versions: [] - unaffected_versions: - - '5' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -43605,13 +79033,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Integrity BL860c, BL870c, BL890c + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Cloudhub cves: cve-2021-4104: investigated: false @@ -43634,13 +79063,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Integrity Rx2800/Rx2900 + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Mule Agent cves: cve-2021-4104: investigated: false @@ -43648,8 +79078,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -43663,13 +79094,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Integrity Superdome 2 + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Mule Runtime cves: cve-2021-4104: investigated: false @@ -43677,8 +79109,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.x + - 4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -43692,13 +79126,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Integrity Superdome X + last_updated: '2021-12-15T00:00:00' + - vendor: N-able + product: '' cves: cve-2021-4104: investigated: false @@ -43721,13 +79156,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Intelligent Provisioning + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nagios + product: '' cves: cve-2021-4104: investigated: false @@ -43750,13 +79185,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: iSUT integrated smart update tool + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NAKIVO + product: '' cves: cve-2021-4104: investigated: false @@ -43779,42 +79214,46 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Maven Artifacts (Atlas) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: National Instruments + product: OptimalPlus cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Vertica + - Cloudera + - Logstash fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html + notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact + Technical Support references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: MSA + last_updated: '2022-01-05T00:00:00' + - vendor: Neo4j + product: Neo4j Graph Database cves: cve-2021-4104: investigated: false @@ -43822,8 +79261,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '>4.2' + - <4..2.12 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -43836,14 +79277,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: NetEdit + last_updated: '2021-12-13T00:00:00' + - vendor: Netapp + product: Multiple NetApp products cves: cve-2021-4104: investigated: false @@ -43866,13 +79306,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://security.netapp.com/advisory/ntap-20211210-0007/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Nimble Storage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Netcup + product: '' cves: cve-2021-4104: investigated: false @@ -43895,13 +79335,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: NS-T0634-OSM CONSOLE TOOLS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NetGate PFSense + product: '' cves: cve-2021-4104: investigated: false @@ -43924,13 +79364,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: NS-T0977-SCHEMA VALIDATOR + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Netwrix + product: '' cves: cve-2021-4104: investigated: false @@ -43953,13 +79393,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.netwrix.com/netwrix_statement_on_cve_2021_44228_the_apache_log4j_vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: OfficeConnect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: New Relic + product: Containerized Private Minion (CPM) cves: cve-2021-4104: investigated: false @@ -43967,9 +79407,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.0.57 unaffected_versions: [] cve-2021-45046: investigated: false @@ -43982,13 +79423,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/ + notes: New Relic is in the process of revising guidance/documentation, however + the fix version remains sufficient. references: - - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Primera Storage + - '[Security Bulletin NR21-04](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/)' + last_updated: '2021-12-18T00:00:00' + - vendor: New Relic + product: New Relic Java Agent cves: cve-2021-4104: investigated: false @@ -43996,8 +79438,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <7.4.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -44011,13 +79454,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/ + notes: Initially fixed in 7.4.2, but additional vulnerability found references: - - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: RepoServer part of OPA (on Premises aggregator) + - '[New Relic tracking](https://github.com/newrelic/newrelic-java-agent/issues/605), + covers CVE-2021-44228, CVE-2021-45046' + last_updated: '2021-12-20T00:00:00' + - vendor: NextCloud + product: '' cves: cve-2021-4104: investigated: false @@ -44040,13 +79484,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Resource Aggregator for Open Distributed Infrastructure Management + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nextflow + product: Nextflow cves: cve-2021-4104: investigated: false @@ -44054,10 +79498,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 21.04.0.5552 cve-2021-45046: investigated: false affected_versions: [] @@ -44069,13 +79514,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.nextflow.io/docs/latest/index.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: RESTful Interface Tool (iLOREST) + last_updated: '2021-12-21T00:00:00' + - vendor: Nexus Group + product: '' cves: cve-2021-4104: investigated: false @@ -44098,13 +79543,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: SAT (System Admin Toolkit) + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Nice Software (AWS) EnginFRAME + product: '' cves: cve-2021-4104: investigated: false @@ -44127,13 +79572,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://download.enginframe.com/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NinjaRMM + product: '' cves: cve-2021-4104: investigated: false @@ -44156,13 +79601,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j- + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: SGI MC990 X Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nomachine + product: '' cves: cve-2021-4104: investigated: false @@ -44185,13 +79631,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://forums.nomachine.com/topic/apache-log4j-notification + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: SGI UV 2000 Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NoviFlow + product: '' cves: cve-2021-4104: investigated: false @@ -44214,13 +79660,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://noviflow.com/noviflow-products-and-the-log4shell-exploit-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: SGI UV 300, 300H, 300RL, 30EX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Backlog cves: cve-2021-4104: investigated: false @@ -44228,9 +79674,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A (SaaS) unaffected_versions: [] cve-2021-45046: investigated: false @@ -44243,13 +79690,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://nulab.com/blog/company-news/log4shell/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: SGI UV 3000 Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Backlog Enterprise (On-premises) cves: cve-2021-4104: investigated: false @@ -44257,9 +79704,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.11.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -44272,13 +79720,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://nulab.com/blog/company-news/log4shell/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: SN8700B 8-Slot Director Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Cacoo cves: cve-2021-4104: investigated: false @@ -44286,9 +79734,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A (SaaS) unaffected_versions: [] cve-2021-45046: investigated: false @@ -44301,13 +79750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://nulab.com/blog/company-news/log4shell/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: StoreEasy + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Cacoo Enterprise (On-premises) cves: cve-2021-4104: investigated: false @@ -44315,9 +79764,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 4.0.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -44330,13 +79780,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://nulab.com/blog/company-news/log4shell/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: StoreEver CVTL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Typetalk cves: cve-2021-4104: investigated: false @@ -44344,9 +79794,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A (SaaS) unaffected_versions: [] cve-2021-45046: investigated: false @@ -44359,13 +79810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://nulab.com/blog/company-news/log4shell/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: StoreEver LTO Tape Drives + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nutanix + product: AHV cves: cve-2021-4104: investigated: false @@ -44373,10 +79824,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -44388,13 +79840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: StoreEver MSL Tape Libraries + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: AOS cves: cve-2021-4104: investigated: false @@ -44402,10 +79854,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - LTS (including Prism Element) + - Community Edition cve-2021-45046: investigated: false affected_versions: [] @@ -44417,13 +79871,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: StoreOnce + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: AOS cves: cve-2021-4104: investigated: false @@ -44431,9 +79885,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - STS (including Prism Element) unaffected_versions: [] cve-2021-45046: investigated: false @@ -44446,13 +79901,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Patched in 6.0.2.4, available on the Portal for download. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: SUM (Smart Update Manager) + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Beam cves: cve-2021-4104: investigated: false @@ -44475,13 +79930,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Superdome Flex 280 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: BeamGov cves: cve-2021-4104: investigated: false @@ -44504,13 +79959,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Superdome Flex Server + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Calm cves: cve-2021-4104: investigated: false @@ -44518,10 +79973,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -44533,13 +79989,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: UAN (User Access Node) + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Calm Tunnel VM cves: cve-2021-4104: investigated: false @@ -44547,10 +80003,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -44562,13 +80019,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HP - product: Teradici Cloud Access Controller + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Collector cves: cve-2021-4104: investigated: false @@ -44578,9 +80035,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < v113 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -44592,13 +80049,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici EMSDK + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Collector Portal cves: cve-2021-4104: investigated: false @@ -44606,41 +80063,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - < 1.0.6 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici Management Console - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - < 21.10.3 - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -44652,13 +80078,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP Connection Manager + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Data Lens cves: cve-2021-4104: investigated: false @@ -44666,11 +80092,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 21.03.6 - - < 20.07.4 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -44683,13 +80107,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP License Server + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Era cves: cve-2021-4104: investigated: false @@ -44697,10 +80121,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -44712,13 +80137,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Huawei - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: File Analytics cves: cve-2021-4104: investigated: false @@ -44726,8 +80151,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.1.x + - 2.2.x + - 3.0+ fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -44741,13 +80169,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigated in version 3.0.1 which is available on the Portal for download. + Mitigation is available [here](https://portal.nutanix.com/kb/12499) references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Hubspot - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Files cves: cve-2021-4104: investigated: false @@ -44755,10 +80184,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -44770,13 +80200,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: I-Net software - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Flow cves: cve-2021-4104: investigated: false @@ -44784,10 +80214,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -44799,13 +80230,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: I2P - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Flow Security Cental cves: cve-2021-4104: investigated: false @@ -44828,13 +80259,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: IBA-AG - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Foundation cves: cve-2021-4104: investigated: false @@ -44842,10 +80273,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -44857,13 +80289,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.iba-ag.com/en/security + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Ibexa - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Frame cves: cve-2021-4104: investigated: false @@ -44886,13 +80318,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://developers.ibexa.co/security-advisories/cve-2021-44228-log4j-vulnerability - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: IBM - product: Analytics Engine + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: FrameGov cves: cve-2021-4104: investigated: false @@ -44915,13 +80347,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: App Configuration + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: FSCVM cves: cve-2021-4104: investigated: false @@ -44929,10 +80361,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -44944,13 +80377,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: App Connect + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Insights cves: cve-2021-4104: investigated: false @@ -44973,13 +80406,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: App ID + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Karbon cves: cve-2021-4104: investigated: false @@ -44987,8 +80420,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -45002,13 +80436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12483) references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Application Gateway + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Karbon Platform Service cves: cve-2021-4104: investigated: false @@ -45031,13 +80465,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: LCM cves: cve-2021-4104: investigated: false @@ -45045,10 +80479,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -45060,13 +80495,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera Endpoint + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Leap cves: cve-2021-4104: investigated: false @@ -45089,13 +80524,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera Enterprise + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Mine cves: cve-2021-4104: investigated: false @@ -45103,8 +80538,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -45118,13 +80554,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12484) references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera fasp.io + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Move cves: cve-2021-4104: investigated: false @@ -45132,10 +80568,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -45147,13 +80584,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Bare Metal Servers + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: MSP cves: cve-2021-4104: investigated: false @@ -45161,8 +80598,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -45176,13 +80614,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: BigFix Compliance + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: NCC cves: cve-2021-4104: investigated: false @@ -45190,10 +80628,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -45204,13 +80643,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: IBM - product: BigFix Inventory + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: NGT cves: cve-2021-4104: investigated: false @@ -45219,10 +80659,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - VM Manager Tool & SAP Tool + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -45233,15 +80673,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: To verify if your instance is affected, go to the lib subdirectory of the - tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version - of log4j is included. Version is included in the name of the library. + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: IBM - product: Block Storage + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Objects cves: cve-2021-4104: investigated: false @@ -45249,8 +80688,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -45264,13 +80704,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Block Storage for VPC + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Prism Central cves: cve-2021-4104: investigated: false @@ -45278,9 +80718,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -45293,13 +80734,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Patched in 2021-9.0.3, available on the Portal for download. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Block Storage Snapshots for VPC + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Sizer cves: cve-2021-4104: investigated: false @@ -45322,13 +80763,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Case Manager + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Volumes cves: cve-2021-4104: investigated: false @@ -45336,10 +80777,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -45351,13 +80793,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Certificate Manager + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Witness VM cves: cve-2021-4104: investigated: false @@ -45365,8 +80807,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -45380,13 +80823,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12491) references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Client VPN for VPC + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: X-Ray cves: cve-2021-4104: investigated: false @@ -45394,10 +80837,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -45409,13 +80853,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Activity Tracker + last_updated: '2021-12-20T00:00:00' + - vendor: Nvidia + product: '' cves: cve-2021-4104: investigated: false @@ -45438,13 +80882,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://nvidia.custhelp.com/app/answers/detail/a_id/5294 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Backup + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NXLog + product: '' cves: cve-2021-4104: investigated: false @@ -45467,13 +80911,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Monitoring + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Objectif Lune + product: '' cves: cve-2021-4104: investigated: false @@ -45496,13 +80940,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://learn.objectiflune.com/blog/security/statement-on-log4j-vulnerability-cve-2021-4428/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Object Storage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OCLC + product: '' cves: cve-2021-4104: investigated: false @@ -45525,13 +80969,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://oclc.service-now.com/status notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Object Storage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Octopus + product: '' cves: cve-2021-4104: investigated: false @@ -45554,13 +80998,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://advisories.octopus.com/adv/December.2306508680.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloudant + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Okta + product: Advanced Server Access cves: cve-2021-4104: investigated: false @@ -45583,13 +81027,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Code Engine + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Access Gateway cves: cve-2021-4104: investigated: false @@ -45612,13 +81056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cognos Command Center + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta AD Agent cves: cve-2021-4104: investigated: false @@ -45641,13 +81085,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cognos Controller + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Browser Plugin cves: cve-2021-4104: investigated: false @@ -45655,9 +81099,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 10.4.2 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -45671,13 +81114,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/support/pages/node/6526468> + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cognos Integration Server + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta IWA Web Agent cves: cve-2021-4104: investigated: false @@ -45700,13 +81143,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose Enterprise + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta LDAP Agent cves: cve-2021-4104: investigated: false @@ -45729,13 +81172,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for Elasticsearch + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Mobile cves: cve-2021-4104: investigated: false @@ -45758,13 +81201,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for etcd + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta On-Prem MFA Agent cves: cve-2021-4104: investigated: false @@ -45772,8 +81215,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 1.4.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -45787,13 +81231,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for MongoDB + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta RADIUS Server Agent cves: cve-2021-4104: investigated: false @@ -45801,8 +81245,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 2.17.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -45816,13 +81261,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for MySQL + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Verify cves: cve-2021-4104: investigated: false @@ -45845,13 +81290,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for PostgreSQL + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Workflows cves: cve-2021-4104: investigated: false @@ -45874,13 +81319,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for RabbitMQ + last_updated: '2021-12-12T00:00:00' + - vendor: Onespan + product: '' cves: cve-2021-4104: investigated: false @@ -45903,13 +81348,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.onespan.com/remote-code-execution-vulnerability-in-log4j2-cve-2018-11776 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for Redis + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Opengear + product: '' cves: cve-2021-4104: investigated: false @@ -45932,13 +81377,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for RethinkDB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OpenMRS TALK + product: '' cves: cve-2021-4104: investigated: false @@ -45961,13 +81406,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for ScyllaDB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OpenNMS + product: '' cves: cve-2021-4104: investigated: false @@ -45990,13 +81435,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Container Registry + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OpenSearch + product: '' cves: cve-2021-4104: investigated: false @@ -46019,13 +81464,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Container Security Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OpenText + product: '' cves: cve-2021-4104: investigated: false @@ -46048,13 +81493,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.opentext.com/support/log4j-remote-code-execution-advisory notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Content Delivery Network + last_updated: '2021-12-23T00:00:00' + - vendor: Opto 22 + product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP cves: cve-2021-4104: investigated: false @@ -46062,10 +81507,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-AT1, GROOV-AT1-SNAP + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -46077,13 +81555,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Continuous Delivery + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP cves: cve-2021-4104: investigated: false @@ -46091,10 +81569,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GRV-EPIC-PR1, GRV-EPIC-PR2 + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 3.3.2 + fixed_versions: + - 3.3.2 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -46106,13 +81617,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Copy Services Manager + last_updated: '2022-01-13T00:00:00' + - vendor: Oracle + product: '' cves: cve-2021-4104: investigated: false @@ -46135,13 +81646,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: The support document is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for DataStax + last_updated: '2021-12-17T00:00:00' + - vendor: Oracle + product: Enterprise Manager cves: cve-2021-4104: investigated: false @@ -46149,8 +81661,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '13.5' + - 13.4 & 13.3.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -46164,13 +81678,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: Patch status and other security guidance is restricted to Oracle account/support + members. The support document is available to customers only and has not been + reviewed by CISA. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for EDB + last_updated: '2021-12-17T00:00:00' + - vendor: Oracle + product: Exadata cves: cve-2021-4104: investigated: false @@ -46178,8 +81694,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <21.3.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -46193,13 +81710,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: Patch status and other security guidance is restricted to Oracle account/support + members. The support document is available to customers only and has not been + reviewed by CISA. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for Elasticsearch + last_updated: '2021-12-17T00:00:00' + - vendor: Orgavision + product: '' cves: cve-2021-4104: investigated: false @@ -46222,13 +81741,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for etcd + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Osirium + product: PAM cves: cve-2021-4104: investigated: false @@ -46251,13 +81770,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.osirium.com/blog/apache-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for MongoDB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Osirium + product: PEM cves: cve-2021-4104: investigated: false @@ -46280,13 +81799,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.osirium.com/blog/apache-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for PostgreSQL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Osirium + product: PPA cves: cve-2021-4104: investigated: false @@ -46309,13 +81828,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.osirium.com/blog/apache-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for Redis + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OTRS + product: '' cves: cve-2021-4104: investigated: false @@ -46338,42 +81857,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Datapower Gateway - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://portal.otrs.com/external notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Dedicated Host for VPC + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OVHCloud + product: '' cves: cve-2021-4104: investigated: false @@ -46396,13 +81886,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://blog.ovhcloud.com/log4shell-how-to-protect-my-cloud-workloads/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Connect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OwnCloud + product: '' cves: cve-2021-4104: investigated: false @@ -46425,13 +81915,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://central.owncloud.org/t/owncloud-not-directly-affected-by-log4j-vulnerability/35493 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Connect on Classic + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OxygenXML + product: Author cves: cve-2021-4104: investigated: false @@ -46453,14 +81943,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Dedicated (2.0) + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Developer cves: cve-2021-4104: investigated: false @@ -46482,14 +81971,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Dedicated Hosting on Classic + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Editor cves: cve-2021-4104: investigated: false @@ -46511,14 +81999,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Dedicated on Classic + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen Content Fusion cves: cve-2021-4104: investigated: false @@ -46526,8 +82013,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '2.0' + - '3.0' + - '4.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -46540,14 +82030,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Exchange on Classic + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen Feedback Enterprise cves: cve-2021-4104: investigated: false @@ -46555,8 +82044,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.4.4 & older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -46569,14 +82059,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: DNS Services + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen License Server cves: cve-2021-4104: investigated: false @@ -46584,8 +82073,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v22.1 to v24.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -46598,14 +82088,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Contract Management + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen PDF Chemistry cves: cve-2021-4104: investigated: false @@ -46613,8 +82102,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v22.1 + - '23.0' + - '23.1' + - '24.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -46627,14 +82120,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Program Management + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen SDK cves: cve-2021-4104: investigated: false @@ -46656,14 +82148,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Sourcing + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Plugins (see advisory link) cves: cve-2021-4104: investigated: false @@ -46685,14 +82176,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Spend Analysis + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Publishing Engine cves: cve-2021-4104: investigated: false @@ -46714,14 +82204,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Supplier Lifecycle Management + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Web Author cves: cve-2021-4104: investigated: false @@ -46743,14 +82232,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Enterprise Tape Controller Model C07 (3592) (ETC) + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: WebHelp cves: cve-2021-4104: investigated: false @@ -46772,14 +82260,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Event Notifications + last_updated: '2021-12-17T00:00:00' + - vendor: Paessler + product: PRTG cves: cve-2021-4104: investigated: false @@ -46787,10 +82274,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -46802,13 +82290,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://docs.rundeck.com/docs/history/CVEs/#log4shell-cves notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Event Streams + last_updated: '2021-12-21T00:00:00' + - vendor: PagerDuty + product: PagerDuty Rundeck cves: cve-2021-4104: investigated: false @@ -46816,9 +82304,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.3+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -46831,13 +82320,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability + notes: We currently see no evidence of compromises on our platform. Our teams + continue to monitor for new developments and for impacts on sub-processors and + dependent systems. PagerDuty SaaS customers do not need to take any additional + action for their PagerDuty SaaS environment. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: File Storage + last_updated: '2021-12-21T00:00:00' + - vendor: PagerDuty + product: PagerDuty SaaS cves: cve-2021-4104: investigated: false @@ -46845,9 +82337,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -46860,13 +82353,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability + notes: We currently see no evidence of compromises on our platform. Our teams + continue to monitor for new developments and for impacts on sub-processors and + dependent systems. PagerDuty SaaS customers do not need to take any additional + action for their PagerDuty SaaS environment references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Flash System 900 (& 840) + last_updated: '2021-12-21T00:00:00' + - vendor: Palantir + product: Palantir AI Inference Platform (AIP) cves: cve-2021-4104: investigated: false @@ -46874,9 +82370,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -46888,14 +82385,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: Fully remediated as of 1.97.0. Disconnected customer instances may require + manual updates. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Flow Logs for VPC + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Apollo cves: cve-2021-4104: investigated: false @@ -46903,10 +82401,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -46918,13 +82417,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact, and updates have been deployed for full remediation. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Functions + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Foundry cves: cve-2021-4104: investigated: false @@ -46932,9 +82431,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -46947,13 +82447,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: GSKit + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Gotham cves: cve-2021-4104: investigated: false @@ -46961,9 +82463,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -46976,13 +82479,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Guardium S-TAP for Data Sets on z/OS + last_updated: '2021-12-19T00:00:00' + - vendor: Palo-Alto Networks + product: Bridgecrew cves: cve-2021-4104: investigated: false @@ -46990,10 +82495,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47005,13 +82511,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Guardium S-TAP for DB2 on z/OS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: CloudGenix cves: cve-2021-4104: investigated: false @@ -47019,10 +82525,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47034,13 +82541,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Guardium S-TAP for IMS on z/OS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Data Lake cves: cve-2021-4104: investigated: false @@ -47048,10 +82555,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47063,13 +82571,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Hyper Protect Crypto Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XDR Agent cves: cve-2021-4104: investigated: false @@ -47077,10 +82585,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47092,13 +82601,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Hyper Protect DBaaS for MongoDB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Xpanse cves: cve-2021-4104: investigated: false @@ -47106,10 +82615,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47121,13 +82631,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Hyper Protect DBaaS for PostgreSQL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XSOAR cves: cve-2021-4104: investigated: false @@ -47135,10 +82645,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47150,13 +82661,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Hyper Protect Virtual Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Exact Data Matching CLI cves: cve-2021-4104: investigated: false @@ -47164,9 +82675,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '1.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -47179,13 +82691,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: i2 Analyst’s Notebook + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Expedition cves: cve-2021-4104: investigated: false @@ -47193,10 +82705,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47208,13 +82721,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: i2 Base + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: GlobalProtect App cves: cve-2021-4104: investigated: false @@ -47222,10 +82735,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47237,13 +82751,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Application Runtime Expert for i + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: IoT Security cves: cve-2021-4104: investigated: false @@ -47251,10 +82765,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47266,13 +82781,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Backup, Recovery and Media Services for i + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Okyo Grade cves: cve-2021-4104: investigated: false @@ -47280,10 +82795,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47295,13 +82811,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Db2 Mirror for i + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-DB Private Cloud cves: cve-2021-4104: investigated: false @@ -47309,10 +82825,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47324,13 +82841,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM HTTP Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Firewall and Wildfire cves: cve-2021-4104: investigated: false @@ -47338,10 +82855,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47353,13 +82871,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM i Access Family + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Panorama cves: cve-2021-4104: investigated: false @@ -47367,9 +82885,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 9.0.15 + - 9.1.12-h3 + - 10.0.8-h8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -47382,13 +82903,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - - '' + - Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will + be updated when hot fixes for the affected Panorama versions are available. + PAN-OS for Panorama versions 8.1, 10.1 are not affected. last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM i Portfolio of products under the Group SWMA + - vendor: Palo-Alto Networks + product: Prisma Access cves: cve-2021-4104: investigated: false @@ -47396,10 +82919,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47411,13 +82935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM PowerHA System Mirror for i + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud cves: cve-2021-4104: investigated: false @@ -47425,10 +82949,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47440,13 +82965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Direct Browser User Interface + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud Compute cves: cve-2021-4104: investigated: false @@ -47454,10 +82979,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47469,13 +82995,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Direct File Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma SD-WAN (CloudGenix) cves: cve-2021-4104: investigated: false @@ -47484,10 +83010,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - See Vendor Links + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47499,15 +83025,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-connectdirect-for-unix-cve-2021-44228/ + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - - '[https://www.ibm.com/support/pages/node/6526688](https://www.ibm.com/support/pages/node/6526688), - [https://www.ibm.com/support/pages/node/6528324](https://www.ibm.com/support/pages/node/6528324), - [https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/)' - last_updated: '2021-12-20T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Direct for HP NonStop + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: SaaS Security cves: cve-2021-4104: investigated: false @@ -47515,10 +83039,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47530,13 +83055,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Direct for i5/OS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: User-ID Agent cves: cve-2021-4104: investigated: false @@ -47544,10 +83069,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47559,13 +83085,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Direct for OpenVMS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Appliance cves: cve-2021-4104: investigated: false @@ -47573,10 +83099,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47588,13 +83115,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Express for Microsoft Windows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Cloud cves: cve-2021-4104: investigated: false @@ -47602,10 +83129,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -47617,535 +83145,553 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Express for UNIX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Panasonic + product: KX-HDV100 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Express for z/OS + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV130 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Instana Agent + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV230 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Timestamp lower than 12-11-2021 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.instana.io/incidents/4zgcd2gzf4jw + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: IBM - product: Internet Services + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV330 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Key Lifecycle Manager for z/OS + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV340 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Key Protect + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV430 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Knowledge Studio + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV800 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Kubernetes Service + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP500 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Load Balancer for VPC + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP550 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Log Analysis + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP600 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Managed VMware Service + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP700 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Management Extender for VMware vCenter + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UDS124 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: IBM - product: Mass Data Migration + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT113 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Maximo EAM SaaS + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT123 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Message Hub + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT133 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: MQ Appliance + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT136 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: MQ on IBM Cloud + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT248 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Natural Language Understanding + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT670 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: OmniFind Text Search Server for DB2 for i + last_updated: '2022-01-20T00:00:00' + - vendor: Panopto + product: All cves: cve-2021-4104: investigated: false @@ -48168,13 +83714,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: OPENBMC + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PaperCut + product: PaperCut Hive cves: cve-2021-4104: investigated: false @@ -48182,10 +83728,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -48197,13 +83744,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Planning Analytics Workspace + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut MF cves: cve-2021-4104: investigated: false @@ -48213,7 +83760,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '>2.0.57' + - 21.0 and later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -48227,13 +83774,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/support/pages/node/6525700 - notes: '' + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Power HMC + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut MobilityPrint cves: cve-2021-4104: investigated: false @@ -48242,10 +83791,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - V9.2.950.0 & V10.1.1010.0 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -48257,13 +83806,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/support/pages/node/6526172?myns=pwrsmc&mynp=OCSGGSNP&mync=E&cm_sp=pwrsmc-_-OCSGGSNP-_-E + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: PowerSC + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut MultiVerse cves: cve-2021-4104: investigated: false @@ -48271,10 +83820,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -48286,13 +83836,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: PowerVM Hypervisor + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut NG cves: cve-2021-4104: investigated: false @@ -48300,10 +83850,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - 21.0 and later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Online Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -48315,13 +83898,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: PowerVM VIOS + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Pocket cves: cve-2021-4104: investigated: false @@ -48329,10 +83912,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -48344,13 +83928,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: QRadar Advisor + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Print Logger cves: cve-2021-4104: investigated: false @@ -48358,10 +83942,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -48373,13 +83958,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Qradar Network Threat Analytics + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Views cves: cve-2021-4104: investigated: false @@ -48387,10 +83972,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -48402,13 +83988,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: QRadar SIEM + last_updated: '2021-12-16T00:00:00' + - vendor: Parallels + product: Remote Application Server cves: cve-2021-4104: investigated: false @@ -48416,10 +84002,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -48431,13 +84018,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://kb.parallels.com/en/128696 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Quantum Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Parse.ly + product: All cves: cve-2021-4104: investigated: false @@ -48460,13 +84047,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://blog.parse.ly/parse-ly-log4shell/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Rational Developer for AIX and Linux + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PBXMonitor + product: RMM for 3CX PBX cves: cve-2021-4104: investigated: false @@ -48474,10 +84061,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -48489,13 +84077,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.pbxmonitor.net/changelog.php + notes: Mirror Servers were also checked to ensure Log4J was not installed or being + used by any of our systems. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Rational Developer for i + last_updated: '2021-12-22T00:00:00' + - vendor: PDQ + product: Deploy cves: cve-2021-4104: investigated: false @@ -48518,13 +84107,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/?utm_content=190941012&utm_medium=social&utm_source=twitter&hss_channel=tw-90432152 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Red Hat OpenShift on IBM Cloud + last_updated: '2021-12-16T00:00:00' + - vendor: PDQ + product: Inventory cves: cve-2021-4104: investigated: false @@ -48547,13 +84136,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/?utm_content=190941012&utm_medium=social&utm_source=twitter&hss_channel=tw-90432152 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Resilient + last_updated: '2021-12-16T00:00:00' + - vendor: Pega + product: Platform cves: cve-2021-4104: investigated: false @@ -48561,9 +84150,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 7.3.x - 8.6.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -48575,13 +84165,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + notes: Hotfixes made available for registered customers by Pega. When using Stream + nodes, the embedded Kafka instances require a separate hotfix to be installed. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: IBM - product: Robotic Process Automation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pentaho + product: All cves: cve-2021-4104: investigated: false @@ -48604,13 +84196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: SAN Volume Controller and Storwize Family + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pepperl+Fuchs + product: All cves: cve-2021-4104: investigated: false @@ -48633,13 +84225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.pepperl-fuchs.com/global/en/29079.htm notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Satellite Infrastructure Service + last_updated: '2021-12-21T00:00:00' + - vendor: Percona + product: All cves: cve-2021-4104: investigated: false @@ -48662,13 +84254,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.percona.com/blog/log4jshell-vulnerability-update/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Schematics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Personio + product: All cves: cve-2021-4104: investigated: false @@ -48676,9 +84268,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -48691,13 +84284,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://status.personio.de/incidents/kn4c6mf6lpdv notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Secrets Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Endpoint Activation cves: cve-2021-4104: investigated: false @@ -48705,10 +84298,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -48720,13 +84314,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Secure Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Eptools cves: cve-2021-4104: investigated: false @@ -48734,10 +84328,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -48749,13 +84344,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Server Automation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Infinity cves: cve-2021-4104: investigated: false @@ -48763,10 +84358,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -48777,13 +84373,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: IBM - product: Spectrum Archive Library Edition + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Infinity Connect Client cves: cve-2021-4104: investigated: false @@ -48791,10 +84388,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -48806,13 +84404,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Spectrum Discover + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Microsoft Teams Connector cves: cve-2021-4104: investigated: false @@ -48820,10 +84418,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -48835,13 +84434,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Spectrum Protect Client Management Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: My Meeting Video cves: cve-2021-4104: investigated: false @@ -48849,10 +84448,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -48864,13 +84464,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: 'Spectrum Protect for Databases: Data Protection for Oracle' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Reverse Proxy and TURN Server cves: cve-2021-4104: investigated: false @@ -48878,10 +84478,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -48893,13 +84494,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: 'Spectrum Protect for Databases: Data Protection for SQL' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Service cves: cve-2021-4104: investigated: false @@ -48907,9 +84508,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -48922,13 +84524,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Spectrum Protect for Enterprise Resource Planning + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: VMR Self-Service Portal cves: cve-2021-4104: investigated: false @@ -48936,10 +84538,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -48951,13 +84554,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: 'Spectrum Protect for Mail: Data Protection for Domino' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Phenix Id + product: All cves: cve-2021-4104: investigated: false @@ -48980,13 +84583,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.phenixid.se/uncategorized/log4j-fix/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: 'Spectrum Protect for Mail: Data Protection for Exchange' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Philips + product: Event Analytics (All VUE PACS Versions) cves: cve-2021-4104: investigated: false @@ -48994,8 +84597,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -49009,13 +84613,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Spectrum Protect for Workstations + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: HealthSuite Marketplace cves: cve-2021-4104: investigated: false @@ -49023,9 +84627,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '1.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -49038,13 +84643,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment has deployed a patch. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Spectrum Protect for z/OS USS Client and API + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliBridge Enterprise cves: cve-2021-4104: investigated: false @@ -49052,8 +84657,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - B.13 + - B.15 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -49067,13 +84674,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided it is customer responsibility to validate + and deploy patches. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Spectrum Protect Plus Db2 Agent + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSite Pathology Solution 5.1 cves: cve-2021-4104: investigated: false @@ -49081,8 +84690,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - L1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -49096,13 +84706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Spectrum Protect Plus Exchange Agent + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace Enterprise cves: cve-2021-4104: investigated: false @@ -49110,9 +84720,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v11 and above unaffected_versions: [] cve-2021-45046: investigated: false @@ -49125,13 +84736,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Spectrum Protect Plus File Systems Agent + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace PACS cves: cve-2021-4104: investigated: false @@ -49139,9 +84753,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -49154,13 +84769,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment is evaluating the VMware provided workaround + and in the process of deploying for managed service customers. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Spectrum Protect Plus MongoDB Agent + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace Portal Server/workstation cves: cve-2021-4104: investigated: false @@ -49168,9 +84784,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v9 and above unaffected_versions: [] cve-2021-45046: investigated: false @@ -49183,13 +84800,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Spectrum Protect Plus O365 Agent + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Pathology De-identifier 1.0 cves: cve-2021-4104: investigated: false @@ -49197,8 +84817,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - L1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -49212,13 +84833,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Spectrum Protect Server + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Performance Bridge cves: cve-2021-4104: investigated: false @@ -49226,9 +84847,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.0 with Practice + - '3.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -49241,13 +84864,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Spectrum Protect Snapshot for UNIX + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Pinnacle cves: cve-2021-4104: investigated: false @@ -49255,8 +84881,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 18.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -49270,13 +84897,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Spectrum Protect Snapshot for UNIX + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Protocol Analytics cves: cve-2021-4104: investigated: false @@ -49284,9 +84911,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '1.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -49299,13 +84927,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: SQL Query + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Protocol Applications cves: cve-2021-4104: investigated: false @@ -49313,8 +84944,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '1.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -49328,13 +84960,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Sterling Gentran + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Report Analytics (All VUE PACS Versions) cves: cve-2021-4104: investigated: false @@ -49342,8 +84976,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -49357,13 +84992,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Sterling Order Management + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: RIS Clinic cves: cve-2021-4104: investigated: false @@ -49371,8 +85006,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -49386,13 +85022,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Sterling Transformation Extender Pack for ACORD + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Scanner Protocol Manager cves: cve-2021-4104: investigated: false @@ -49400,10 +85036,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - '1.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Tasy EMR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -49415,13 +85084,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Sterling Transformation Extender Pack for Financial Services + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Univeral Data Manager (UDM) cves: cve-2021-4104: investigated: false @@ -49429,10 +85100,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment is evaluating the VMware provided workaround + and in the process of deploying for managed service customers. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: VuePACS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 12.2.8 + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -49444,13 +85147,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Sterling Transformation Extender Pack for FIX + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: PHOENIX CONTACT + product: Cloud Services cves: cve-2021-4104: investigated: false @@ -49458,10 +85161,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 + notes: Cloud Services were either not vulnerable or are completely fixed. No exploits + observed. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Physical products containing firmware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -49473,13 +85208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Sterling Transformation Extender Pack for NACHA + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Software Products cves: cve-2021-4104: investigated: false @@ -49487,10 +85222,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -49502,13 +85238,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Sterling Transformation Extender Pack for PeopleSoft + last_updated: '2021-12-22T00:00:00' + - vendor: Ping Identity + product: PingAccess cves: cve-2021-4104: investigated: false @@ -49516,9 +85252,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.0 <= version <= 6.3.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -49531,13 +85268,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Sterling Transformation Extender Pack for SAP R/3 + - vendor: Ping Identity + product: PingCentral cves: cve-2021-4104: investigated: false @@ -49545,9 +85282,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -49560,13 +85298,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Sterling Transformation Extender Pack for SEPA + - vendor: Ping Identity + product: PingFederate cves: cve-2021-4104: investigated: false @@ -49574,9 +85312,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 8.0 <= version <= 10.3.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -49589,13 +85328,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Sterling Transformation Extender Pack for Siebel + - vendor: Ping Identity + product: PingFederate Java Integration Kit cves: cve-2021-4104: investigated: false @@ -49603,9 +85342,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 2.7.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -49618,13 +85358,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Sterling Transformation Extender Pack for SWIFT + - vendor: Ping Identity + product: PingFederate OAuth Playground cves: cve-2021-4104: investigated: false @@ -49632,9 +85372,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 4.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -49647,13 +85388,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Sterling Transformation Extender Packs for EDI + - vendor: Ping Identity + product: PingIntelligence cves: cve-2021-4104: investigated: false @@ -49661,9 +85402,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -49676,13 +85418,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Sterling Transformation Extender Packs for Healthcare + - vendor: Pitney Bowes + product: All cves: cve-2021-4104: investigated: false @@ -49705,13 +85447,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Sterling Transformation Extender Trading Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planmeca + product: All cves: cve-2021-4104: investigated: false @@ -49734,13 +85476,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Storage TS1160 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planon Software + product: Planon Universe cves: cve-2021-4104: investigated: false @@ -49748,10 +85490,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -49763,13 +85506,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/ + notes: This advisory is available for customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Storage TS2280 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Platform.SH + product: All cves: cve-2021-4104: investigated: false @@ -49792,13 +85536,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Storage TS2900 Library + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plesk + product: All cves: cve-2021-4104: investigated: false @@ -49821,13 +85565,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Storage TS3100-TS3200 Library + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plex + product: Plex Industrial IoT cves: cve-2021-4104: investigated: false @@ -49835,10 +85579,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -49850,13 +85595,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: This advisory is available to customer only and has not been reviewed by + CISA. Mitigation already applied, patch available. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Storage TS4500 Library + - vendor: Plex + product: Plex Media Server cves: cve-2021-4104: investigated: false @@ -49864,10 +85610,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -49879,13 +85626,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Storage Virtualization Engine TS7700 + - vendor: Polycom + product: Cloud Relay (OTD and RealConnect hybrid use case) cves: cve-2021-4104: investigated: false @@ -49908,13 +85656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Tape System Library Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly Clariti Core/Edge (a.k.a. DMA/CCE) cves: cve-2021-4104: investigated: false @@ -49922,10 +85670,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 9.0 and above + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly Clariti Relay + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.0.2 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -49937,13 +85716,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: TDMF for zOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly RealConnect for Microsoft Teams and Skype for Business cves: cve-2021-4104: investigated: false @@ -49951,10 +85730,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: RealAccess + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -49966,13 +85776,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Total Storage Service Console (TSSC) / TS4500 IMC + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Portainer + product: All cves: cve-2021-4104: investigated: false @@ -49995,13 +85805,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Transit Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PortSwigger + product: All cves: cve-2021-4104: investigated: false @@ -50024,13 +85834,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Tririga Anywhere + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Postgres + product: PostgreSQL JDBC cves: cve-2021-4104: investigated: false @@ -50038,10 +85848,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50053,13 +85864,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: TS4300 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Postman + product: All cves: cve-2021-4104: investigated: false @@ -50082,13 +85893,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228- notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Urbancode Deploy + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Power Admin LLC + product: PA File Sight cves: cve-2021-4104: investigated: false @@ -50096,10 +85907,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50111,13 +85923,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Virtual Private Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Server Monitor cves: cve-2021-4104: investigated: false @@ -50125,10 +85937,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Storage Monitor + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50140,13 +85983,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Virtual Server for Classic + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: dnsdist cves: cve-2021-4104: investigated: false @@ -50154,10 +85997,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: metronome + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50169,13 +86043,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Virtualization Management Interface + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: PowerDNS Authoritative Server cves: cve-2021-4104: investigated: false @@ -50183,10 +86057,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: PowerDNS Recursor + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50198,13 +86103,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: VMware Solutions + last_updated: '2021-12-17T00:00:00' + - vendor: Pretix + product: All cves: cve-2021-4104: investigated: false @@ -50227,13 +86132,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://pretix.eu/about/de/blog/20211213-log4j/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: VMware vCenter Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PrimeKey + product: All cves: cve-2021-4104: investigated: false @@ -50256,13 +86161,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: VMware vSphere + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Procentec (HMS Group) + product: All cves: cve-2021-4104: investigated: false @@ -50270,10 +86175,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50285,13 +86191,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://mailchi.mp/procentec.com/security_message notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: VPN for VPC + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress + product: DataDirect Hybrid Data Pipeline cves: cve-2021-4104: investigated: false @@ -50299,9 +86205,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -50314,13 +86221,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: vRealize Operations and Log Insight + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress + product: OpenEdge cves: cve-2021-4104: investigated: false @@ -50328,9 +86235,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -50343,13 +86251,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Workload Automation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProofPoint + product: Archiving Appliance cves: cve-2021-4104: investigated: false @@ -50357,8 +86265,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -50372,13 +86281,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: ICONICS - product: All + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Archiving Backend cves: cve-2021-4104: investigated: false @@ -50386,9 +86295,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -50401,13 +86311,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://iconics.com/News/Press-Releases/2021/ICONICS-Not-Subject-to-Apache-Log4j-Vulnerability + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: IFS - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloud App Security Broker cves: cve-2021-4104: investigated: false @@ -50415,9 +86325,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -50430,13 +86341,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.ifs.com/announcements-278/urgent-bulletin-ifs-advisory-ifs-products-services-and-log4j-cve-2021-44228-16436 + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: IGEL - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloudmark Cloud/Cloudmark Hybrid cves: cve-2021-4104: investigated: false @@ -50444,9 +86355,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -50459,13 +86371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.igel.com/securitysafety/en/isn-2021-11-ums-log4j-vulnerability-54086712.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Ignite Realtime - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloudmark On-Premise cves: cve-2021-4104: investigated: false @@ -50473,10 +86385,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50488,13 +86401,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108 + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: iGrafx - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Compliance Gateway cves: cve-2021-4104: investigated: false @@ -50502,9 +86415,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -50517,13 +86431,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.igrafx.com/igrafx-thwarts-log4j-vulnerability/ + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Illuminated Cloud - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Content Patrol cves: cve-2021-4104: investigated: false @@ -50531,10 +86445,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50546,13 +86461,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://illuminatedcloud.blogspot.com/2021/12/illuminated-cloud-2-and-log4j-security.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Illumio - product: C-VEN + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Data Discover cves: cve-2021-4104: investigated: false @@ -50560,10 +86475,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50575,13 +86491,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: CLI + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: DLP Core Engine cves: cve-2021-4104: investigated: false @@ -50589,10 +86505,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50604,13 +86521,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: CloudSecure + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Community cves: cve-2021-4104: investigated: false @@ -50618,9 +86535,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -50633,13 +86551,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Core on-premise PCE + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Fraud Defense (EFD) cves: cve-2021-4104: investigated: false @@ -50647,10 +86565,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50662,13 +86581,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Core SaaS PCE + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Protecton OnDemand (PoD), including Email DLP and Email Encryption cves: cve-2021-4104: investigated: false @@ -50676,9 +86595,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -50691,13 +86611,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Edge SaaS PCE + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Security Relay cves: cve-2021-4104: investigated: false @@ -50705,9 +86625,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -50720,13 +86641,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Edge-CrowdStrike + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Endpoint DLP cves: cve-2021-4104: investigated: false @@ -50734,10 +86655,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50749,13 +86671,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Flowlink + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Essentials Archive cves: cve-2021-4104: investigated: false @@ -50763,9 +86685,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -50778,13 +86701,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Kubelink + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Essentials Email cves: cve-2021-4104: investigated: false @@ -50792,10 +86715,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50807,13 +86731,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: NEN + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Insider Threat Management Saas cves: cve-2021-4104: investigated: false @@ -50821,9 +86745,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -50836,13 +86761,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: QRadar App + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Insiders Threat Management On-Premise cves: cve-2021-4104: investigated: false @@ -50850,10 +86775,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50865,13 +86791,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Splunk App + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Isolation cves: cve-2021-4104: investigated: false @@ -50879,10 +86805,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50894,13 +86821,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: VEN + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: ITM Saas Endpoint Agents cves: cve-2021-4104: investigated: false @@ -50908,10 +86835,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50923,13 +86851,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: IManage - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Mail Protection On-Premise (PPS), including Email DLP and Email Encryption cves: cve-2021-4104: investigated: false @@ -50937,9 +86865,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -50952,13 +86881,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Imperva - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Meta/ZTNA cves: cve-2021-4104: investigated: false @@ -50966,10 +86895,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -50981,13 +86911,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Inductive Automation - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Nexus People Risk Explorer cves: cve-2021-4104: investigated: false @@ -50995,10 +86925,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -51010,13 +86941,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: IndustrialDefender - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Secure Email Relay cves: cve-2021-4104: investigated: false @@ -51024,9 +86955,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -51039,13 +86971,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.industrialdefender.com/cve-2021-44228-log4j/ + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: infinidat - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Secure Share cves: cve-2021-4104: investigated: false @@ -51053,10 +86985,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -51068,13 +87001,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.infinidat.com/hc/en-us/articles/4413483145489-INFINIDAT-Support-Announcement-2021-010-Log4Shell-CVE-2021-44228 + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: InfluxData - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Security Awareness Training cves: cve-2021-4104: investigated: false @@ -51082,9 +87015,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -51097,13 +87031,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.influxdata.com/blog/apache-log4j-vulnerability-cve-2021-44228/ + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Infoblox - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Sentrion cves: cve-2021-4104: investigated: false @@ -51111,9 +87045,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -51126,13 +87061,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.infoblox.com/articles/Knowledge/Infoblox-NIOS-and-BloxOne-products-not-vulnerable-to-CVE-2021-44228 + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Informatica - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Social Discover cves: cve-2021-4104: investigated: false @@ -51140,10 +87075,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -51155,13 +87091,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Instana - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Social Patrol cves: cve-2021-4104: investigated: false @@ -51169,10 +87105,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -51184,13 +87121,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.instana.io/incidents/4zgcd2gzf4jw + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Instructure - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Targeted Attack Protection (TAP) cves: cve-2021-4104: investigated: false @@ -51198,10 +87135,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -51213,13 +87151,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.canvaslms.com/t5/Community-Users/Instructure-amp-the-Apache-Log4j2-Vulnerability/ba-p/501907 + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Intel - product: Audio Development Kit + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Threat Response (TRAP) cves: cve-2021-4104: investigated: false @@ -51227,10 +87165,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -51242,13 +87181,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Computer Vision Annotation Tool maintained by Intel + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Web Gateway cves: cve-2021-4104: investigated: false @@ -51256,9 +87195,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -51271,13 +87211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Datacenter Manager + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Web Security cves: cve-2021-4104: investigated: false @@ -51285,9 +87225,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -51300,13 +87241,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Genomics Kernel Library + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProSeS + product: All cves: cve-2021-4104: investigated: false @@ -51329,13 +87270,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: oneAPI sample browser plugin for Eclipse + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Prosys + product: All cves: cve-2021-4104: investigated: false @@ -51358,13 +87299,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://prosysopc.com/news/important-security-release/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Secure Device Onboard + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: Backup Server cves: cve-2021-4104: investigated: false @@ -51372,10 +87313,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -51387,13 +87329,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Sensor Solution Firmware Development Kit + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: Mail Gateway cves: cve-2021-4104: investigated: false @@ -51401,10 +87343,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -51416,13 +87359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: System Debugger + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: VE cves: cve-2021-4104: investigated: false @@ -51430,10 +87373,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -51445,13 +87389,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: System Studio + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PRTG Paessler + product: All cves: cve-2021-4104: investigated: false @@ -51474,13 +87418,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Internet Systems Consortium(ISC) - product: BIND 9 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTC + product: ACA Client cves: cve-2021-4104: investigated: false @@ -51490,9 +87434,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -51504,13 +87448,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.isc.org/blogs/2021-log4j/ - notes: no JAVA Code + - https://www.ptc.com/en/support/article/CS358990 + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Internet Systems Consortium(ISC) - product: ISC DHCP, aka dhcpd + - vendor: PTC + product: Adapter Toolkit cves: cve-2021-4104: investigated: false @@ -51520,9 +87464,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -51534,13 +87478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.isc.org/blogs/2021-log4j/ - notes: no JAVA Code + - https://www.ptc.com/en/support/article/CS358990 + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Internet Systems Consortium(ISC) - product: Kea DHCP + - vendor: PTC + product: AdaWorld cves: cve-2021-4104: investigated: false @@ -51552,7 +87496,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -51564,13 +87508,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.isc.org/blogs/2021-log4j/ - notes: no JAVA Code + - https://www.ptc.com/en/support/article/CS358990 + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: InterSystems - product: '' + - vendor: PTC + product: ApexAda cves: cve-2021-4104: investigated: false @@ -51578,10 +87522,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -51593,13 +87538,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intersystems.com/gt/apache-log4j2/ + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Intland - product: codebeamer + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Arbortext Editor, Styler, and Publishing Engine cves: cve-2021-4104: investigated: false @@ -51608,10 +87553,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <= 20.11-SP11 - - <= 21.09-SP3 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>8.0.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -51624,14 +87568,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://codebeamer.com/cb/wiki/19872365 - notes: A fix has been released for [20.11](https://codebeamer.com/cb/wiki/13134438) - and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) + - https://www.ptc.com/en/support/article/CS358990 + notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: IPRO - product: Netgovern + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Arena cves: cve-2021-4104: investigated: false @@ -51639,10 +87582,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -51653,13 +87597,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: iRedMail - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Axeda cves: cve-2021-4104: investigated: false @@ -51667,9 +87612,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -51682,13 +87628,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.iredmail.org/topic18605-log4j-cve202144228.html + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Ironnet - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Axeda Platform cves: cve-2021-4104: investigated: false @@ -51696,8 +87642,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.9.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -51711,13 +87658,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: ISLONLINE - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo Elements/Direct Model Manager cves: cve-2021-4104: investigated: false @@ -51725,9 +87672,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -51740,13 +87688,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.islonline.com/2021/12/13/isl-online-is-not-affected-by-log4shell-vulnerability/ + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Ivanti - product: Avalanche + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo Parametric cves: cve-2021-4104: investigated: false @@ -51754,67 +87702,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 6.2.2 - - 6.3.0 to 6.3.3 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' - references: - - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti File Director - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 2019.1.* - - 2020.1.* - - 2020.3.* - - 2021.1.* - - 4.4.* - fixed_versions: - - 2021.3 HF2 - - 2021.1 HF1 - - 2020.3 HF2 - unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Core + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo View cves: cve-2021-4104: investigated: false @@ -51823,28 +87732,28 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core. + - https://www.ptc.com/en/support/article/CS358990 + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Core Connector + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Flexnet License Server cves: cve-2021-4104: investigated: false @@ -51853,28 +87762,28 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + - https://www.ptc.com/en/support/article/CS358990 + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Sentry (Core/Cloud) + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM cves: cve-2021-4104: investigated: false @@ -51884,37 +87793,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '9.13' - - '9.14' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Sentry. - references: - - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Jamasoftware - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] + - 12.0.2.2 (CPS03) + - 12.0.2.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -51928,13 +87808,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22 + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jamf - product: Jamf Pro + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM cves: cve-2021-4104: investigated: false @@ -51943,10 +87823,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 10.31.0 – 10.34.0 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - <= 11.1 M020 + - 11.2.1 + - 12.0.0 cve-2021-45046: investigated: false affected_versions: [] @@ -51958,13 +87840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Janitza - product: GridVis + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM cves: cve-2021-4104: investigated: false @@ -51974,9 +87856,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.82 + fixed_versions: + - 12.0.2.0 (CPS01 and CPS02) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -51988,13 +87870,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.janitza.com/us/gridvis-download.html + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Jaspersoft - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Implementer cves: cve-2021-4104: investigated: false @@ -52017,13 +87899,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jedox - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Intellicus cves: cve-2021-4104: investigated: false @@ -52031,9 +87913,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>=19.1 SP11' unaffected_versions: [] cve-2021-45046: investigated: false @@ -52046,13 +87929,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jedox.com/en/trust/ + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jenkins - product: CI/CD Core + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: OnShape cves: cve-2021-4104: investigated: false @@ -52060,10 +87943,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -52074,13 +87958,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jenkins - product: Plugins + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Servigistics Service Parts Management cves: cve-2021-4104: investigated: false @@ -52088,9 +87973,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '12.1' + - '12.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -52103,14 +87990,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ - notes: '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' + - https://www.ptc.com/en/support/article/CS358990 + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: JetBrains - product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, - dotCover, dotPeek) + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Servigistics Service Parts Pricing cves: cve-2021-4104: investigated: false @@ -52120,9 +88006,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown + fixed_versions: + - '12.1' + - '12.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -52134,13 +88021,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jetbrains - product: Code With Me + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Advisor Apps cves: cve-2021-4104: investigated: false @@ -52150,9 +88037,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -52164,13 +88051,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: Datalore + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Agents cves: cve-2021-4104: investigated: false @@ -52182,7 +88069,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -52194,13 +88081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: Floating license server + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Analytics cves: cve-2021-4104: investigated: false @@ -52211,7 +88098,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - '30211' + - '8.5' + - '9.0' + - '9.1' + - '9.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -52224,13 +88114,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: Gateway + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx DPM cves: cve-2021-4104: investigated: false @@ -52242,7 +88132,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -52254,13 +88144,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: Hub + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Extensions cves: cve-2021-4104: investigated: false @@ -52271,7 +88161,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2021.1.14080 + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -52284,15 +88174,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, - IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, - Rider, RubyMine, WebStorm) + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Flow cves: cve-2021-4104: investigated: false @@ -52304,7 +88192,10 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '8.5' + - '9.0' + - '9.1' + - '9.2' cve-2021-45046: investigated: false affected_versions: [] @@ -52316,13 +88207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: Kotlin + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Kepware cves: cve-2021-4104: investigated: false @@ -52332,9 +88223,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown + fixed_versions: + - <=1.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -52346,13 +88237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: Ktor + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Manufacturing Apps cves: cve-2021-4104: investigated: false @@ -52364,7 +88255,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -52376,13 +88267,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: MPS + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Navigate cves: cve-2021-4104: investigated: false @@ -52392,9 +88283,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown + fixed_versions: + - '9.1' + - '9.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -52406,13 +88298,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: Space + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Ping Federate Integration cves: cve-2021-4104: investigated: false @@ -52422,9 +88314,39 @@ software: cve-2021-44228: investigated: true affected_versions: [] + fixed_versions: + - '>=9.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=8.5.7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -52436,13 +88358,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: TeamCity + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Platform High Availability cves: cve-2021-4104: investigated: false @@ -52454,7 +88376,9 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '9.0' + - '9.1' + - '9.2' cve-2021-45046: investigated: false affected_versions: [] @@ -52466,13 +88390,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://youtrack.jetbrains.com/issue/TW-74298 + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: ToolBox + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: WCTK cves: cve-2021-4104: investigated: false @@ -52484,7 +88408,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -52496,13 +88420,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: UpSource + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink cves: cve-2021-4104: investigated: false @@ -52511,9 +88435,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - 2020.1.1952 + affected_versions: + - 12.0.2.2 (CPS03) + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -52526,13 +88450,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: YouTrack InCloud + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink cves: cve-2021-4104: investigated: false @@ -52543,7 +88467,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - 12.0.2.0 (CPS01 & CPS02) unaffected_versions: [] cve-2021-45046: investigated: false @@ -52556,13 +88480,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: YouTrack Standalone + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink cves: cve-2021-4104: investigated: false @@ -52572,9 +88496,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 2021.4.35970 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - <=11.2 M020 + - 11.2.1 cve-2021-45046: investigated: false affected_versions: [] @@ -52586,13 +88511,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JFROG - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Performance Advisor cves: cve-2021-4104: investigated: false @@ -52600,10 +88525,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -52615,13 +88541,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jitsi - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Rest Services cves: cve-2021-4104: investigated: false @@ -52629,10 +88555,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -52644,13 +88571,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jitterbit - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill RV&S(Integrity Lifcycle Manager) cves: cve-2021-4104: investigated: false @@ -52658,9 +88585,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.6/8.6 4.6 SP0 to 12.5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -52673,13 +88601,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Johnson Controls - product: BCPro + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Workgroup Manager cves: cve-2021-4104: investigated: false @@ -52691,7 +88619,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -52703,13 +88631,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CEM AC2000 + last_updated: '2021-12-17T00:00:00' + - vendor: PTV Group + product: Map&Market cves: cve-2021-4104: investigated: false @@ -52718,10 +88646,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '> 2017' fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -52733,13 +88661,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CEM Hardware Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: Map&Market cves: cve-2021-4104: investigated: false @@ -52751,7 +88679,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - < 2018 cve-2021-45046: investigated: false affected_versions: [] @@ -52763,13 +88691,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CloudVue Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Arrival Board cves: cve-2021-4104: investigated: false @@ -52781,7 +88709,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -52793,13 +88721,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CloudVue Web + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Balance cves: cve-2021-4104: investigated: false @@ -52811,7 +88739,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -52823,13 +88751,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Content Update Service cves: cve-2021-4104: investigated: false @@ -52839,9 +88767,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 2.90.x (all 2.90 versions) + fixed_versions: + - 2 (on prem) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -52853,13 +88781,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Developer cves: cve-2021-4104: investigated: false @@ -52869,9 +88797,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 2.80.x (all 2.80 versions) + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -52883,13 +88811,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Drive&Arrive cves: cve-2021-4104: investigated: false @@ -52901,7 +88829,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.70 (All versions) + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -52913,13 +88841,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Drive&Arrive App cves: cve-2021-4104: investigated: false @@ -52931,7 +88859,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.60 (All versions) + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -52943,13 +88871,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: DLS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV EM Portal cves: cve-2021-4104: investigated: false @@ -52961,7 +88889,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -52973,13 +88901,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Entrapass + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Epics cves: cve-2021-4104: investigated: false @@ -52991,7 +88919,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53003,13 +88931,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision Client + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Hyperpath cves: cve-2021-4104: investigated: false @@ -53021,7 +88949,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53033,13 +88961,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV MaaS Modeller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Map&Guide Intranet cves: cve-2021-4104: investigated: false @@ -53051,7 +89009,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53063,13 +89021,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision WebService + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Navigator App cves: cve-2021-4104: investigated: false @@ -53081,7 +89039,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53093,13 +89051,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Facility Explorer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Navigator License Manager cves: cve-2021-4104: investigated: false @@ -53111,7 +89069,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 14.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53123,13 +89081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Illustra Cameras + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Optima cves: cve-2021-4104: investigated: false @@ -53141,7 +89099,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53153,13 +89111,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Illustra Insight + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Road Editor cves: cve-2021-4104: investigated: false @@ -53171,7 +89129,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53183,13 +89141,73 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: iSTAR + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimiser CL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimiser ST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - on prem xServer2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimiser ST (TourOpt) cves: cve-2021-4104: investigated: false @@ -53201,7 +89219,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53213,13 +89231,73 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Metasys Products and Tools + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimizer Saas/Demonstrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV TLN Planner Internet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV TRE cves: cve-2021-4104: investigated: false @@ -53231,7 +89309,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53243,13 +89321,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: PowerSeries NEO + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Tre-Addin cves: cve-2021-4104: investigated: false @@ -53261,7 +89339,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53273,13 +89351,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: PowerSeries Pro + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Trip Creator cves: cve-2021-4104: investigated: false @@ -53291,7 +89369,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53303,13 +89381,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Qolsys IQ Panels + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Vissim cves: cve-2021-4104: investigated: false @@ -53321,7 +89399,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53333,13 +89411,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Sur‐Gard Receivers + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Vistad Euska cves: cve-2021-4104: investigated: false @@ -53351,7 +89429,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53363,13 +89441,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Tyco AI + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Vistro cves: cve-2021-4104: investigated: false @@ -53381,7 +89459,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53393,13 +89471,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: victor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Visum cves: cve-2021-4104: investigated: false @@ -53411,7 +89489,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53423,13 +89501,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Visum Publisher + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Viswalk cves: cve-2021-4104: investigated: false @@ -53441,7 +89549,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53453,13 +89561,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer cves: cve-2021-4104: investigated: false @@ -53469,9 +89577,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90 + fixed_versions: + - 1.34 (on prem) + - 2 (on prem) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -53483,13 +89592,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: VideoEdge + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer cves: cve-2021-4104: investigated: false @@ -53501,7 +89610,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - < 1.34 (on prem) cve-2021-45046: investigated: false affected_versions: [] @@ -53513,13 +89622,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Journyx - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer Internet 1 cves: cve-2021-4104: investigated: false @@ -53527,10 +89636,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer Internet 2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -53542,13 +89682,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: jPOS - product: (ISO-8583) bridge + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Connect Secure (ICS) cves: cve-2021-4104: investigated: false @@ -53560,7 +89700,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53572,13 +89712,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jump Desktop - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for Secure Access cves: cve-2021-4104: investigated: false @@ -53586,10 +89726,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53601,13 +89742,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Juniper Networks - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA cves: cve-2021-4104: investigated: false @@ -53615,10 +89756,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53630,13 +89772,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Justice Systems - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Connect Secure cves: cve-2021-4104: investigated: false @@ -53644,10 +89786,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53659,13 +89802,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.justicesystems.com/services/support/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: K15t - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Desktop Client cves: cve-2021-4104: investigated: false @@ -53673,10 +89816,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53688,13 +89832,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.k15t.com/k15t-apps-and-log4shell-193401141.html + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: K6 - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Mobile Client cves: cve-2021-4104: investigated: false @@ -53702,10 +89846,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53717,13 +89862,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Karakun - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse One cves: cve-2021-4104: investigated: false @@ -53731,10 +89876,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53746,13 +89892,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://board.karakun.com/viewtopic.php?f=21&t=8351 + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Kaseya - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Policy Secure cves: cve-2021-4104: investigated: false @@ -53760,10 +89906,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53775,13 +89922,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Keeper Security - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Services Director cves: cve-2021-4104: investigated: false @@ -53789,10 +89936,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53804,13 +89952,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: KEMP - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Virtual Traffic Manager cves: cve-2021-4104: investigated: false @@ -53818,10 +89966,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53833,13 +89982,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: KEMP 2 - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Web Application Firewall cves: cve-2021-4104: investigated: false @@ -53847,10 +89996,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53862,13 +90012,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Kofax - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse ZTA cves: cve-2021-4104: investigated: false @@ -53876,10 +90026,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53891,13 +90042,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Konica Minolta - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet + product: Agents cves: cve-2021-4104: investigated: false @@ -53905,10 +90056,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53920,13 +90072,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.konicaminolta.de/de-de/support/log4j + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Kronos UKG - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet + product: Continuous Delivery for Puppet Enterprise cves: cve-2021-4104: investigated: false @@ -53934,9 +90086,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.x + - < 4.10.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -53949,13 +90103,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Kyberna - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet + product: Enterprise cves: cve-2021-4104: investigated: false @@ -53963,10 +90117,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -53978,13 +90133,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.kyberna.com/detail/log4j-sicherheitsluecke + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: L-Soft - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: Cloud Blockstore cves: cve-2021-4104: investigated: false @@ -53992,8 +90147,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - CBS6.1.x + - CBS6.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -54007,13 +90164,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://www.lsoft.com/news/log4jinfo.asp - notes: '' + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: L3Harris Geospatial - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Flash Array cves: cve-2021-4104: investigated: false @@ -54021,8 +90179,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 5.3.x + - 6.0.x + - 6.1.x + - 6.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -54036,13 +90198,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software - notes: '' + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Lancom Systems - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Flash Blade cves: cve-2021-4104: investigated: false @@ -54050,8 +90213,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.1.x + - 3.2.x + - 3.3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -54065,13 +90231,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.lancom-systems.com/service-support/instant-help/general-security-information/ - notes: '' + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Lansweeper - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: PortWorx cves: cve-2021-4104: investigated: false @@ -54079,9 +90246,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.8.0+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -54094,13 +90262,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.lansweeper.com/vulnerability/critical-log4j-vulnerability-affects-millions-of-applications/ - notes: '' + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Laserfiche - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Pure1 cves: cve-2021-4104: investigated: false @@ -54108,9 +90277,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -54123,13 +90293,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://answers.laserfiche.com/questions/194037/Do-any-Laserfiche-products-use-the-Apache-log4j-library#194038 - notes: '' + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: LastPass - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: VM Analytics OVA Collector cves: cve-2021-4104: investigated: false @@ -54137,9 +90308,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < v3.1.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -54152,13 +90324,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.logmeininc.com/lastpass/help/log4j-vulnerability-faq-for-lastpass-universal-proxy - notes: '' + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: LaunchDarkly - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: PuTTY + product: All cves: cve-2021-4104: investigated: false @@ -54166,10 +90339,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -54181,13 +90355,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://launchdarkly.com/blog/audit-shows-systems-unaffected-by-log4j/ + - https://www.chiark.greenend.org.uk/~sgtatham/putty/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Leanix - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pyramid Analytics + product: All cves: cve-2021-4104: investigated: false @@ -54195,10 +90369,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -54210,13 +90385,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leanix.net/en/blog/log4j-vulnerability-log4shell + - https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio AT2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qconference + product: FaceTalk cves: cve-2021-4104: investigated: false @@ -54224,9 +90399,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -54239,13 +90415,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio AT2 DX + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: QF-Test + product: All cves: cve-2021-4104: investigated: false @@ -54268,13 +90444,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio CS2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qlik + product: AIS, including ARC cves: cve-2021-4104: investigated: false @@ -54282,10 +90458,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -54297,13 +90474,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio eSlide Manager + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Attunity Visibility cves: cve-2021-4104: investigated: false @@ -54311,10 +90488,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -54326,13 +90504,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio GT 450 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: AutoML cves: cve-2021-4104: investigated: false @@ -54340,10 +90518,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -54355,13 +90534,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio GT 450 DX + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Blendr cves: cve-2021-4104: investigated: false @@ -54369,10 +90548,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -54384,13 +90564,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio ImageScope + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DL cves: cve-2021-4104: investigated: false @@ -54398,9 +90578,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -54413,13 +90594,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio ImageScope DX + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DW cves: cve-2021-4104: investigated: false @@ -54427,9 +90608,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.6' + - 6.6.1 + - '7.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -54442,13 +90626,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio LV1 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Catalog cves: cve-2021-4104: investigated: false @@ -54456,9 +90640,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.10.0 + - 4.10.1 + - 4.10.2 + - 4.11.0 + - 4.11.1 + - 4.12.0 + - 4.12.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -54471,13 +90662,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio SAM DX Server For GT 450 DX + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose cves: cve-2021-4104: investigated: false @@ -54485,9 +90676,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '2021.2' + - '2021.5' + - '2021.8' unaffected_versions: [] cve-2021-45046: investigated: false @@ -54500,13 +90694,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio Scanner Administration Manager (SAM) Server for GT 450 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Lakes cves: cve-2021-4104: investigated: false @@ -54514,10 +90708,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '6.6' cve-2021-45046: investigated: false affected_versions: [] @@ -54529,13 +90724,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio VERSA + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Wharehouses cves: cve-2021-4104: investigated: false @@ -54543,10 +90738,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '6.6' + - 6.6.1 + - '7.0' cve-2021-45046: investigated: false affected_versions: [] @@ -54558,13 +90756,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio WebViewer DX + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Plus cves: cve-2021-4104: investigated: false @@ -54572,9 +90770,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.26.5 + - 5.27.5 - 5.28.2 + - 5.29.4 - 5.30.1 + - 5.31.1 + - 5.31.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -54587,13 +90790,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND Controller + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Server cves: cve-2021-4104: investigated: false @@ -54601,9 +90804,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.19.1 - 4.27.3 + - 4.23.4 + - 4.32.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -54616,13 +90822,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND RX + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nodegraph cves: cve-2021-4104: investigated: false @@ -54630,10 +90836,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -54645,13 +90852,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND RXm + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nprinting cves: cve-2021-4104: investigated: false @@ -54659,10 +90866,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -54674,13 +90882,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND-ADVANCE + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: ODBC Connector Package cves: cve-2021-4104: investigated: false @@ -54688,10 +90896,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -54703,13 +90912,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND-III + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: QEM cves: cve-2021-4104: investigated: false @@ -54717,9 +90926,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' unaffected_versions: [] cve-2021-45046: investigated: false @@ -54732,13 +90945,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND-MAX + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Alerting cves: cve-2021-4104: investigated: false @@ -54746,10 +90959,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -54761,13 +90975,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: CEREBRO + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Catalog cves: cve-2021-4104: investigated: false @@ -54775,10 +90989,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - May 2021 release and after cve-2021-45046: investigated: false affected_versions: [] @@ -54790,13 +91005,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: CytoVision + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Data Transfer cves: cve-2021-4104: investigated: false @@ -54804,10 +91019,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -54819,13 +91035,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore PEARL + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Enterprise Manager cves: cve-2021-4104: investigated: false @@ -54833,9 +91049,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' unaffected_versions: [] cve-2021-45046: investigated: false @@ -54848,13 +91068,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore PEGASUS + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Forts cves: cve-2021-4104: investigated: false @@ -54862,10 +91082,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -54877,13 +91098,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPECTRA CV + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik RepliWeb and ARC cves: cve-2021-4104: investigated: false @@ -54891,10 +91112,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -54906,13 +91128,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPECTRA ST + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Business cves: cve-2021-4104: investigated: false @@ -54920,10 +91142,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -54935,13 +91158,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPIRIT ST + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise cves: cve-2021-4104: investigated: false @@ -54949,10 +91172,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -54964,13 +91188,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPRING ST + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise SaaS cves: cve-2021-4104: investigated: false @@ -54978,10 +91202,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -54993,13 +91218,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ASP300S + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik View cves: cve-2021-4104: investigated: false @@ -55007,10 +91232,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -55022,13 +91248,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica CV5030 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Web Connectors cves: cve-2021-4104: investigated: false @@ -55036,10 +91262,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -55051,13 +91278,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ST4020 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Replicate cves: cve-2021-4104: investigated: false @@ -55065,9 +91292,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' unaffected_versions: [] cve-2021-45046: investigated: false @@ -55080,13 +91311,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ST5010 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: REST Connectors cves: cve-2021-4104: investigated: false @@ -55094,10 +91325,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -55109,13 +91341,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ST5020 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Salesforce and SAP Connectors cves: cve-2021-4104: investigated: false @@ -55123,10 +91355,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -55138,13 +91371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: Connectos are not affected. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica TP1020 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: QMATIC + product: Appointment Booking cves: cve-2021-4104: investigated: false @@ -55152,9 +91385,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.4+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -55167,13 +91401,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: Update to v. 2.8.2 which contains log4j 2.16 references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: LIS Connect + - vendor: QMATIC + product: Appointment Booking cves: cve-2021-4104: investigated: false @@ -55181,9 +91415,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud/Managed Service unaffected_versions: [] cve-2021-45046: investigated: false @@ -55196,13 +91431,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: log4j 2.16 applied 2021-12-15 references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: PathDX + - vendor: QMATIC + product: Insights cves: cve-2021-4104: investigated: false @@ -55210,9 +91445,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -55225,13 +91461,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: log4j 2.16 applied 2021-12-16 references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: ThermoBrite Elite + - vendor: QMATIC + product: Orchestra Central cves: cve-2021-4104: investigated: false @@ -55239,10 +91475,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 6.0+ cve-2021-45046: investigated: false affected_versions: [] @@ -55254,13 +91491,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Lenovo - product: BIOS/UEFI + - vendor: QNAP + product: QES Operating System cves: cve-2021-4104: investigated: false @@ -55268,10 +91505,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -55283,13 +91521,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Chassis Management Module 2 (CMM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: Qsirch cves: cve-2021-4104: investigated: false @@ -55297,10 +91535,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -55312,13 +91551,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Commercial Vantage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QTS Operating System cves: cve-2021-4104: investigated: false @@ -55326,10 +91565,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -55341,13 +91581,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Confluent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QuTS Hero Operating System cves: cve-2021-4104: investigated: false @@ -55355,10 +91595,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -55370,13 +91611,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: DSS-G + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOPPA + product: All cves: cve-2021-4104: investigated: false @@ -55399,13 +91640,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Embedded System Management Java-based KVM clients + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOS.ch + product: SLF4J Simple Logging Facade for Java cves: cve-2021-4104: investigated: false @@ -55428,13 +91669,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.slf4j.org/log4shell.html notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Fan Power Controller (FPC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QSC Q-SYS + product: All cves: cve-2021-4104: investigated: false @@ -55457,13 +91698,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Fan Power Controller2 (FPC2) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QT + product: All cves: cve-2021-4104: investigated: false @@ -55486,13 +91727,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Integrated Management Module II (IMM2) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight cves: cve-2021-4104: investigated: false @@ -55503,7 +91744,8 @@ software: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '5.9' cve-2021-45046: investigated: false affected_versions: [] @@ -55515,13 +91757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: NetApp ONTAP Tools for VMware vSphere + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight cves: cve-2021-4104: investigated: false @@ -55529,9 +91771,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -55544,15 +91787,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: See [NetApp](https://security.netapp.com/advisory/ntap-20211210-0007/) - advisory. + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: 'Network Switches running: Lenovo CNOS, Lenovo ENOS, IBM ENOS, or Brocade - FOS' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Quest KACE SMA cves: cve-2021-4104: investigated: false @@ -55560,10 +91801,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -55575,13 +91817,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Storage Management utilities + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: R + product: R cves: cve-2021-4104: investigated: false @@ -55589,10 +91831,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 4.1.1 cve-2021-45046: investigated: false affected_versions: [] @@ -55604,13 +91847,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.r-project.org/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: System Management Module (SMM) + last_updated: '2021-12-21T00:00:00' + - vendor: R2ediviewer + product: '' cves: cve-2021-4104: investigated: false @@ -55633,13 +91876,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: System Management Module 2 (SMM2) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Radware + product: '' cves: cve-2021-4104: investigated: false @@ -55662,13 +91905,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://support.radware.com/app/answers/answer_view/a_id/1029752 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: System Update + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rapid7 + product: AlcidekArt, kAdvisor, and kAudit cves: cve-2021-4104: investigated: false @@ -55676,10 +91919,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -55691,13 +91935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Thin Installer + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Enterprise cves: cve-2021-4104: investigated: false @@ -55705,10 +91949,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -55720,13 +91965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkAgile HX + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Pro cves: cve-2021-4104: investigated: false @@ -55734,10 +91979,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -55749,15 +91995,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: Nutanix and VMware components only; hardware not affected. See [Nutanix](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) - and [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) - advisories. + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkAgile VX + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Insight Agent cves: cve-2021-4104: investigated: false @@ -55765,10 +92009,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -55780,14 +92025,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: VMware components only; hardware not affected. See [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) - advisory. + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem 2x1x16 Digital KVM Switch - Type 1754D1T + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine cves: cve-2021-4104: investigated: false @@ -55795,10 +92039,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -55810,13 +92055,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem DE Series Storage + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine cves: cve-2021-4104: investigated: false @@ -55824,10 +92069,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -55839,13 +92085,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: See also NetApp advisory. + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem DM Series Storage + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightCloudSec/DivvyCloud cves: cve-2021-4104: investigated: false @@ -55853,10 +92099,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -55868,13 +92115,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: See also NetApp advisory. + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem DS Series Storage + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightConnect Orchestrator cves: cve-2021-4104: investigated: false @@ -55882,10 +92129,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -55897,13 +92145,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem Manager (TSM) + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR Network Sensor cves: cve-2021-4104: investigated: false @@ -55911,10 +92159,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -55926,13 +92175,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Update Retriever + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR/InsightOps Collector & Event Sources cves: cve-2021-4104: investigated: false @@ -55940,10 +92189,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -55955,13 +92205,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Vantage + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps DataHub cves: cve-2021-4104: investigated: false @@ -55969,8 +92219,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - InsightOps DataHub <= 2.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -55984,13 +92235,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) + using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Administrator (LXCA) + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps non-Java logging libraries cves: cve-2021-4104: investigated: false @@ -55998,10 +92250,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -56013,13 +92266,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Controller (XCC) + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps r7insight_java logging library cves: cve-2021-4104: investigated: false @@ -56027,8 +92280,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <=3.0.8 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -56042,13 +92296,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Energy Manager (LXEM) + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM Kubernetes Monitor cves: cve-2021-4104: investigated: false @@ -56056,10 +92310,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -56071,13 +92326,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Essentials (LXCE) + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose cves: cve-2021-4104: investigated: false @@ -56085,10 +92340,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -56100,13 +92356,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Microsoft Azure Log Analytics + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Console cves: cve-2021-4104: investigated: false @@ -56114,10 +92370,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -56129,13 +92386,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Microsoft System Center + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Engine cves: cve-2021-4104: investigated: false @@ -56143,10 +92402,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -56158,13 +92418,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Nagios + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: IntSights virtual appliance cves: cve-2021-4104: investigated: false @@ -56172,10 +92434,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -56187,13 +92450,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for ServiceNow + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries DataHub cves: cve-2021-4104: investigated: false @@ -56201,8 +92464,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -56216,13 +92480,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: 'Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). + Windows: Run version 1.2.0.822 in a Docker container or as a Java command per + these [instructions](https://docs.logentries.com/docs/datahub-windows). You + can find more details [here](https://docs.logentries.com/docs/datahub-linux).' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for VMware vCenter + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries le_java logging library cves: cve-2021-4104: investigated: false @@ -56230,8 +92497,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'All versions: this is a deprecated component' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -56245,13 +92513,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Windows Admin Center + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Framework cves: cve-2021-4104: investigated: false @@ -56259,10 +92527,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -56274,13 +92543,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Mobile (LXCM) + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Pro cves: cve-2021-4104: investigated: false @@ -56288,10 +92557,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -56303,13 +92573,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Metasploit Pro ships with log4j but has specific configurations applied + to it that mitigate Log4Shell. A future update will contain a fully patched + version of log4j. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Orchestrator (LXCO) + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: tCell Java Agent cves: cve-2021-4104: investigated: false @@ -56317,10 +92589,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -56332,13 +92605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Provisioning Manager (LXPM) + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Velociraptor cves: cve-2021-4104: investigated: false @@ -56346,10 +92619,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -56361,12 +92635,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: LeoStream + last_updated: '2021-12-15T00:00:00' + - vendor: Raritan product: '' cves: cve-2021-4104: @@ -56390,12 +92664,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.leostream.com/support/discussions/topics/66000507567 + - https://www.raritan.com/support notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Let's Encrypt + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ravelin product: '' cves: cve-2021-4104: @@ -56419,13 +92693,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.letsencrypt.org/t/log4j-vulnerability-cve-2021-44228/167464 + - https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: LibreNMS - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Real-Time Innovations (RTI) + product: Distributed Logger cves: cve-2021-4104: investigated: false @@ -56448,13 +92722,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.librenms.org/t/is-librenms-affected-by-vulnerable-to-cve-2021-25218-cve-2021-44228/17675/6 + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: LifeRay - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: Recording Console cves: cve-2021-4104: investigated: false @@ -56477,13 +92751,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://liferay.dev/blogs/-/blogs/log4j2-zero-day-vulnerability + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: LifeSize - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Administration Console cves: cve-2021-4104: investigated: false @@ -56506,13 +92780,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.lifesize.com/s/article/Apache-Log4j2-CVE-2021-44228 + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Lightbend - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator cves: cve-2021-4104: investigated: false @@ -56535,13 +92809,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Lime CRM - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator Server cves: cve-2021-4104: investigated: false @@ -56564,13 +92838,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.lime-crm.com/security/lcsec21-01 + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: LIONGARD - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) cves: cve-2021-4104: investigated: false @@ -56578,8 +92852,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - as part of RTI Connext Micro 3.0.0 + - 3.0.1 + - 3.0.2 + - 3.0.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -56593,13 +92871,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://insights.liongard.com/faq-apache-log4j-vulnerability + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: LiquidFiles - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) cves: cve-2021-4104: investigated: false @@ -56607,8 +92885,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - as part of RTI Connext Professional 6.0.0 and 6.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -56622,13 +92901,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mailchi.mp/liquidfiles/liquidfiles-log4j?e=%5BUNIQID%5D + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: LiveAction - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Monitor cves: cve-2021-4104: investigated: false @@ -56651,13 +92930,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://documentation.liveaction.com/LiveNX/LiveNX%2021.5.1%20Release%20Notes/Release%20Notes%20LiveNX%2021.5.1.1.3 + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Loftware - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Red Hat + product: log4j-core cves: cve-2021-4104: investigated: false @@ -56680,13 +92959,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.loftware.com/lps-kb/content/log4j%20cve-2021-44228.htm?Highlight=CVE-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: LOGalyze - product: SIEM & log analyzer tool + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel K cves: cve-2021-4104: investigated: false @@ -56694,9 +92973,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - v4.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -56710,15 +92988,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sourceforge.net/software/product/LOGalyze/ - notes: 'local-log4j-vuln-scanner result: indicator for vulnerable component found - in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j - 1.2.17' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130)' references: - - '[Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories)' - last_updated: '2021-12-17T00:00:00' - - vendor: LogiAnalytics - product: '' + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat build of Quarkus cves: cve-2021-4104: investigated: false @@ -56741,13 +93017,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228- + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: LogicMonitor - product: LogicMonitor Platform + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat CodeReady Studio cves: cve-2021-4104: investigated: false @@ -56755,9 +93031,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 12.21.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -56770,13 +93047,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso)' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: LogMeIn - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Data Grid cves: cve-2021-4104: investigated: false @@ -56784,9 +93061,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '8' unaffected_versions: [] cve-2021-45046: investigated: false @@ -56799,13 +93077,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132)' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: LogRhythm - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Decision Manager cves: cve-2021-4104: investigated: false @@ -56813,10 +93091,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -56828,13 +93107,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Looker - product: Looker + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux cves: cve-2021-4104: investigated: false @@ -56843,15 +93122,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '21.0' - - '21.6' - - '21.12' - - '21.16' - - '21.18' - - '21.20' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '6' cve-2021-45046: investigated: false affected_versions: [] @@ -56863,13 +93137,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: LucaNet - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux cves: cve-2021-4104: investigated: false @@ -56877,10 +93151,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -56892,13 +93167,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.lucanet.com/en/blog/update-vulnerability-log4j + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Lucee - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux cves: cve-2021-4104: investigated: false @@ -56906,10 +93181,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '8' cve-2021-45046: investigated: false affected_versions: [] @@ -56921,13 +93197,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dev.lucee.org/t/lucee-is-not-affected-by-the-log4j-jndi-exploit-cve-2021-44228/9331/4 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Lyrasis - product: Fedora Repository + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel Quarkus cves: cve-2021-4104: investigated: false @@ -56935,14 +93211,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 3.x - - 4.x - - 5.x - - 6.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -56954,14 +93226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/g/fedora-tech/c/dQMQ5jaX8Xo - notes: Fedora Repository is unaffiliated with Fedora Linux. Uses logback and - explicitly excludes log4j. + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126)' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: MailStore - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss A-MQ Streaming cves: cve-2021-4104: investigated: false @@ -56984,13 +93255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/ - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138)' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Maltego - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform cves: cve-2021-4104: investigated: false @@ -56998,9 +93269,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -57013,13 +93285,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/ - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: ManageEngine Zoho - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform Expansion Pack cves: cve-2021-4104: investigated: false @@ -57027,10 +93301,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -57042,13 +93317,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: ManageEngine Zoho - product: ADAudit Plus + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Fuse cves: cve-2021-4104: investigated: false @@ -57056,10 +93331,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - On-Prem - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -57072,13 +93347,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: ADManager Plus + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Process Automation cves: cve-2021-4104: investigated: false @@ -57086,10 +93361,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - On-Prem - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -57102,13 +93377,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Analytics Plus + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Single Sign-On cves: cve-2021-4104: investigated: false @@ -57116,11 +93393,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - On-Prem + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -57132,13 +93409,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Cloud Security Plus + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Vert.X cves: cve-2021-4104: investigated: false @@ -57146,10 +93423,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - On-Prem - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '4' unaffected_versions: [] cve-2021-45046: investigated: false @@ -57162,13 +93439,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: DataSecurity Plus + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Satellite 5 cves: cve-2021-4104: investigated: false @@ -57177,8 +93454,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57192,13 +93468,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: EventLog Analyzer + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Spacewalk cves: cve-2021-4104: investigated: false @@ -57207,8 +93483,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57222,13 +93497,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Exchange Reporter Plus + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 3.11 + product: openshift3/ose-logging-elasticsearch5 cves: cve-2021-4104: investigated: false @@ -57237,8 +93512,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57252,13 +93526,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Log360 + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-logging-elasticsearch6 cves: cve-2021-4104: investigated: false @@ -57267,8 +93541,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57282,13 +93555,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Log360 UEBA + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-hive cves: cve-2021-4104: investigated: false @@ -57297,8 +93571,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57312,13 +93585,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: M365 Manager Plus + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-presto cves: cve-2021-4104: investigated: false @@ -57327,8 +93601,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57342,13 +93615,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: M365 Security Plus + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Logging + product: logging-elasticsearch6-container cves: cve-2021-4104: investigated: false @@ -57357,8 +93631,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57372,13 +93645,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: RecoveryManager Plus + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenStack Platform 13 (Queens) + product: opendaylight cves: cve-2021-4104: investigated: false @@ -57387,8 +93661,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57402,13 +93675,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: End of Life references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine - product: AD SelfService Plus + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-java-common-log4j cves: cve-2021-4104: investigated: false @@ -57416,11 +93689,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Build 6.1 build 6114 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -57431,13 +93703,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-27T00:00:00' - - vendor: ManageEngine - product: Servicedesk Plus + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven35-log4j12 cves: cve-2021-4104: investigated: false @@ -57445,9 +93718,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 11305 and below + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57461,13 +93733,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.manageengine.com/products/service-desk/security-response-plan.html + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: MariaDB - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven36-log4j12 cves: cve-2021-4104: investigated: false @@ -57490,13 +93762,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/ + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MathWorks - product: All MathWorks general release desktop or server products + last_updated: '2021-12-21T00:00:00' + - vendor: Red5Pro + product: '' cves: cve-2021-4104: investigated: false @@ -57504,7 +93776,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57519,13 +93791,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time + - https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: MathWorks - product: MATLAB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RedGate + product: '' cves: cve-2021-4104: investigated: false @@ -57533,11 +93805,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -57549,13 +93820,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf + - https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Matillion - product: Matillion ETL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Redis + product: '' cves: cve-2021-4104: investigated: false @@ -57563,10 +93834,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 1.59.10+ + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -57579,12 +93849,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://documentation.matillion.com/docs/security-advisory-14th-december-2021 + - https://redis.com/security/notice-apache-log4j2-cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-11-01T00:00:00' - - vendor: Matomo + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Reiner SCT product: '' cves: cve-2021-4104: @@ -57608,12 +93878,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089 + - https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mattermost FocalBoard + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ReportURI product: '' cves: cve-2021-4104: @@ -57637,13 +93907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.mattermost.org/t/log4j-vulnerability-concern/12676 + - https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: McAfee - product: Data Exchange Layer (DXL) Client + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ResMed + product: AirView cves: cve-2021-4104: investigated: false @@ -57665,13 +93935,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.resmed.com/en-us/security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Discover + last_updated: '2021-12-21T00:00:00' + - vendor: ResMed + product: myAir cves: cve-2021-4104: investigated: false @@ -57693,13 +93964,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.resmed.com/en-us/security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Endpoint for Mac + last_updated: '2021-12-21T00:00:00' + - vendor: Respondus + product: '' cves: cve-2021-4104: investigated: false @@ -57721,13 +93993,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://support.respondus.com/support/index.php?/News/NewsItem/View/339 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Endpoint for Windows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Revenera / Flexera + product: '' cves: cve-2021-4104: investigated: false @@ -57749,13 +94023,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Monitor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ricoh + product: '' cves: cve-2021-4104: investigated: false @@ -57777,13 +94052,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ricoh.com/info/2021/1215_1/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Prevent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RingCentral + product: '' cves: cve-2021-4104: investigated: false @@ -57805,13 +94081,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ringcentral.com/trust-center/security-bulletin.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Endpoint Security (ENS) for Linux + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Riverbed + product: '' cves: cve-2021-4104: investigated: false @@ -57833,13 +94110,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://supportkb.riverbed.com/support/index?page=content&id=S35645 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Endpoint Security (ENS) for Mac + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataFlowML cves: cve-2021-4104: investigated: false @@ -57847,8 +94125,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.00.00 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57861,13 +94140,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Endpoint Security (ENS) for Windows + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataView cves: cve-2021-4104: investigated: false @@ -57875,8 +94155,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.03.00 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57889,13 +94170,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Enterprise Security Manager (ESM) + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Industrial Data Center cves: cve-2021-4104: investigated: false @@ -57906,7 +94188,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - 11.5.3 + - Gen 1 + - Gen 2 + - Gen 3 + - Gen 3.5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -57919,13 +94204,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: ePolicy Orchestrator Agent Handlers (ePO-AH) + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: MES EIG cves: cve-2021-4104: investigated: false @@ -57933,10 +94218,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - 3.03.00 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: Customers should upgrade to EIG Hub if possible or work with their local + representatives about alternative solutions. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: VersaVirtual + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Series A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -57947,13 +94264,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: ePolicy Orchestrator Application Server (ePO) + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Warehouse Management cves: cve-2021-4104: investigated: false @@ -57962,9 +94280,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - 5.10 CU11 + affected_versions: + - 4.01.00 + - 4.02.00 + - 4.02.01 + - 4.02.02 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -57977,13 +94298,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Host Intrusion Prevention (Host IPS) + last_updated: '2021-12-15T00:00:00' + - vendor: Rollbar + product: '' cves: cve-2021-4104: investigated: false @@ -58005,13 +94326,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://rollbar.com/blog/log4j-zero-day-2021-log4shell/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Management of Native Encryption (MNE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rosette.com + product: '' cves: cve-2021-4104: investigated: false @@ -58033,13 +94355,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Active Response (MAR) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager cves: cve-2021-4104: investigated: false @@ -58065,37 +94388,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Agent (MA) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Linux + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager Prime cves: cve-2021-4104: investigated: false @@ -58121,9 +94416,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Windows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager WebTier cves: cve-2021-4104: investigated: false @@ -58149,9 +94444,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Client Proxy (MCP) for Mac + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle cves: cve-2021-4104: investigated: false @@ -58177,9 +94472,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Client Proxy (MCP) for Windows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle Cloud cves: cve-2021-4104: investigated: false @@ -58205,9 +94500,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Drive Encryption (MDE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Identity Router cves: cve-2021-4104: investigated: false @@ -58233,9 +94528,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Security for Microsoft Exchange (MSME) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA Netwitness + product: '' cves: cve-2021-4104: investigated: false @@ -58257,13 +94552,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Security for Microsoft Exchange (MSME) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rstudioapi + product: Rstudioapi cves: cve-2021-4104: investigated: false @@ -58271,10 +94567,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '0.13' cve-2021-45046: investigated: false affected_versions: [] @@ -58285,13 +94582,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://github.com/rstudio/rstudioapi notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Security for Microsoft SharePoint (MSMS) + last_updated: '2021-12-21T00:00:00' + - vendor: Rubrik + product: '' cves: cve-2021-4104: investigated: false @@ -58313,13 +94611,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Network Security Manager (NSM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ruckus + product: Virtual SmartZone (vSZ) cves: cve-2021-4104: investigated: false @@ -58327,8 +94627,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 5.1 to 6.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -58341,13 +94642,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://support.ruckuswireless.com/security_bulletins/313 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Network Security Platform (NSP) + last_updated: '2021-12-13T00:00:00' + - vendor: RunDeck by PagerDuty + product: '' cves: cve-2021-4104: investigated: false @@ -58369,13 +94671,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://docs.rundeck.com/docs/history/CVEs/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Policy Auditor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Runecast + product: Runecast Analyzer cves: cve-2021-4104: investigated: false @@ -58383,9 +94686,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 6.0.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -58397,13 +94701,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.runecast.com/release-notes notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Threat Intelligence Exchange (TIE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAE-IT + product: '' cves: cve-2021-4104: investigated: false @@ -58426,13 +94731,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 - notes: Latest status in linked Security Bulletin + - https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Web Gateway (MWG) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAFE FME Server + product: '' cves: cve-2021-4104: investigated: false @@ -58455,12 +94760,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + - https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Medtronic + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAGE product: '' cves: cve-2021-4104: @@ -58484,12 +94789,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medtronic.com/xg-en/product-security/security-bulletins/log4j-vulnerabilities.html + - https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: MEINBERG + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SailPoint product: '' cves: cve-2021-4104: @@ -58513,13 +94818,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm - notes: '' + - https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MEINBERG - product: LANTIME and microSync + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Salesforce + product: Analytics Cloud cves: cve-2021-4104: investigated: false @@ -58527,14 +94833,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -58542,13 +94850,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Meltano - product: Meltano + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: B2C Commerce Cloud cves: cve-2021-4104: investigated: false @@ -58556,14 +94866,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -58571,13 +94883,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/meltano/meltano - notes: Project is written in Python + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Memurai - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: ClickSoftware (As-a-Service) cves: cve-2021-4104: investigated: false @@ -58585,14 +94899,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -58600,13 +94916,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.memurai.com/blog/apache-log4j2-cve-2021-44228 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MicroFocus - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: ClickSoftware (On-Premise) cves: cve-2021-4104: investigated: false @@ -58614,14 +94932,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -58629,13 +94949,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional + details are available here. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Azure API Gateway + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Data.com cves: cve-2021-4104: investigated: false @@ -58643,14 +94966,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -58658,13 +94983,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Azure Application Gateway + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: DataLoader cves: cve-2021-4104: investigated: false @@ -58672,14 +94999,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>=53.0.2' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>=53.0.2' unaffected_versions: [] cve-2021-45105: investigated: false @@ -58687,13 +95016,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - notes: '' + - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2 + notes: This version is for use with Salesforce Winter '22 or higher release through + Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for + CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Azure Data lake store java + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Datorama cves: cve-2021-4104: investigated: false @@ -58702,14 +95033,15 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.3.10 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -58717,13 +95049,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Azure Data lake store java + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Evergage (Interaction Studio) cves: cve-2021-4104: investigated: false @@ -58732,14 +95066,15 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.3.10 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -58747,13 +95082,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Azure DevOps + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Experience (Community) Cloud cves: cve-2021-4104: investigated: false @@ -58761,14 +95098,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -58776,13 +95115,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Azure DevOps Server + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Force.com cves: cve-2021-4104: investigated: false @@ -58791,14 +95132,15 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2019.0 - 2020.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -58806,13 +95148,18 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been + patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + Make sure that you are using Data Loader version 53.0.2 or later. Follow the + steps described here to download the latest version of Data Loader. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Azure Traffic Manager + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Heroku cves: cve-2021-4104: investigated: false @@ -58820,28 +95167,31 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Heroku is reported to not be affected by the issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Team Foundation Server + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Marketing Cloud cves: cve-2021-4104: investigated: false @@ -58850,14 +95200,15 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2018.2+ - fixed_versions: [] + affected_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -58865,13 +95216,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Salesforce-owned services within Marketing Cloud are not affected by the + issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party + vendors have been patched to address the security issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microstrategy - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: MuleSoft (Cloud) cves: cve-2021-4104: investigated: false @@ -58879,14 +95233,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -58894,13 +95250,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft + services, including dataloader.io, have been updated to mitigate the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Midori Global - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: MuleSoft (On-Premise) cves: cve-2021-4104: investigated: false @@ -58908,14 +95267,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -58923,13 +95284,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.midori-global.com/blog/2021/12/15/cve-2021-44228-log4shell-midori-apps-are-not-affected - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors, including Private Cloud Edition + (PCE) and Anypoint Studio, have a mitigation in place to address the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mikrotik - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Pardot cves: cve-2021-4104: investigated: false @@ -58937,14 +95302,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -58952,13 +95319,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.mikrotik.com/viewtopic.php?p=897938 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Milestone sys - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Sales Cloud cves: cve-2021-4104: investigated: false @@ -58966,14 +95335,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -58981,13 +95352,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcommunity.milestonesys.com/s/article/Log4J-vulnerability-faq?language=en_US - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mimecast - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Service Cloud cves: cve-2021-4104: investigated: false @@ -58995,14 +95368,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -59010,13 +95385,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.mimecast.com/s/article/Mimecast-Information-for-Customers-on-the-Log4Shell-Vulnerability - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Minecraft - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Slack cves: cve-2021-4104: investigated: false @@ -59024,14 +95401,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -59039,13 +95418,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are + available here. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mirantis - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Social Studio cves: cve-2021-4104: investigated: false @@ -59053,14 +95435,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -59068,13 +95452,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Miro - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Tableau (On-Premise) cves: cve-2021-4104: investigated: false @@ -59082,9 +95468,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 2021.4.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -59097,13 +95484,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://miro.com/trust/updates/log4j/ - notes: '' + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Patches to address the issues currently identified in both CVE-2021-44228 and + CVE-2021-45046 are available for download. Additional details are available + here. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mitel - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Salesforce + product: Tableau (Online) cves: cve-2021-4104: investigated: false @@ -59111,14 +95501,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -59126,13 +95518,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services + have been patched to mitigate the issues currently identified in both CVE-2021-44228 + and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MMM Group - product: Control software of all MMM series + last_updated: '2022-01-26T00:00:00' + - vendor: Samsung Electronics America + product: Knox Admin Portal cves: cve-2021-4104: investigated: false @@ -59140,28 +95534,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: MMM Group - product: RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Asset Intelligence cves: cve-2021-4104: investigated: false @@ -59169,28 +95565,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: MobileIron - product: Core + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Configure cves: cve-2021-4104: investigated: false @@ -59199,32 +95597,29 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All Versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Core Connector + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox E-FOTA One cves: cve-2021-4104: investigated: false @@ -59233,32 +95628,29 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All Versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Reporting Database (RDB) + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Guard cves: cve-2021-4104: investigated: false @@ -59267,32 +95659,29 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All Versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Sentry + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox License Management cves: cve-2021-4104: investigated: false @@ -59301,34 +95690,29 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '9.13' - - '9.14' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MongoDB - product: All other components of MongoDB Atlas (including Atlas Database, Data - Lake, Charts) + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Manage cves: cve-2021-4104: investigated: false @@ -59336,14 +95720,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45105: investigated: false @@ -59351,13 +95737,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MongoDB - product: MongoDB Atlas Search + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Managed Services Provider (MSP) cves: cve-2021-4104: investigated: false @@ -59365,29 +95751,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MongoDB - product: MongoDB Community Edition (including Community Server, Cloud Manager, - Community Kubernetes Operators) + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Mobile Enrollment cves: cve-2021-4104: investigated: false @@ -59395,28 +95782,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MongoDB - product: MongoDB Drivers + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Reseller Portal cves: cve-2021-4104: investigated: false @@ -59424,14 +95813,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45105: investigated: false @@ -59439,14 +95830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MongoDB - product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, - Enterprise Kubernetes Operators) + last_updated: '2022-01-17T00:00:00' + - vendor: Sangoma + product: '' cves: cve-2021-4104: investigated: false @@ -59469,13 +95859,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://help.sangoma.com/community/s/article/Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MongoDB - product: MongoDB Realm (including Realm Database, Sync, Functions, APIs) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAP + product: '' cves: cve-2021-4104: investigated: false @@ -59498,14 +95888,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb - notes: '' + - https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MongoDB - product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas - CLI, Database Connectors) + last_updated: '2021-12-17T00:00:00' + - vendor: SAP Advanced Platform + product: '' cves: cve-2021-4104: investigated: false @@ -59528,12 +95918,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb - notes: '' + - https://launchpad.support.sap.com/#/notes/3130698 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Moodle + last_updated: '2021-12-17T00:00:00' + - vendor: SAP BusinessObjects product: '' cves: cve-2021-4104: @@ -59557,12 +95948,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://moodle.org/mod/forum/discuss.php?d=429966 - notes: '' + - https://blogs.sap.com/2021/12/16/cve-2021-44228-impact-of-log4j-vulnerability-on-sap-businessobjects/ + notes: The support document is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MoogSoft + last_updated: '2021-12-17T00:00:00' + - vendor: SAS product: '' cves: cve-2021-4104: @@ -59586,12 +95978,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228 + - https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Motorola Avigilon + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SASSAFRAS product: '' cves: cve-2021-4104: @@ -59615,12 +96007,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US + - https://www.sassafras.com/log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mulesoft + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Savignano software solutions product: '' cves: cve-2021-4104: @@ -59644,14 +96036,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://savignano.atlassian.net/wiki/spaces/SNOTIFY/blog/2021/12/13/2839740417/No+Log4j+Vulnerability+in+S+Notify + notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mulesoft - product: Anypoint Studio + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SBT + product: SBT cves: cve-2021-4104: investigated: false @@ -59661,7 +96052,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.x + - <1.5.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59675,14 +96066,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://github.com/sbt/sbt/releases/tag/v1.5.7 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Cloudhub + - vendor: ScaleComputing + product: '' cves: cve-2021-4104: investigated: false @@ -59705,14 +96095,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://community.scalecomputing.com/s/article/Apache-Log4j-Vulnerability + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Mule Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ScaleFusion MobileLock Pro + product: '' cves: cve-2021-4104: investigated: false @@ -59720,9 +96110,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59736,14 +96125,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://help.mobilock.in/article/t9sx43yg44-scalefusion-security-advisory-for-apache-log-4-j-vulnerability-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Mule Runtime + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Schneider Electric + product: EASYFIT cves: cve-2021-4104: investigated: false @@ -59753,8 +96141,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.x - - 4.x + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59768,14 +96155,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: N-able - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Ecoreal XL cves: cve-2021-4104: investigated: false @@ -59783,8 +96169,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59798,13 +96185,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nagios - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: EcoStruxure IT Expert cves: cve-2021-4104: investigated: false @@ -59812,9 +96199,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -59826,14 +96214,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/ + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: NAKIVO - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: EcoStruxure IT Gateway cves: cve-2021-4104: investigated: false @@ -59841,9 +96228,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - V1.5.0 to V1.13.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -59856,46 +96244,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145 + - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: National Instruments - product: OptimalPlus + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Eurotherm Data Reviewer cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - - Vertica - - Cloudera - - Logstash + - V3.0.2 and prior fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html - notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact - Technical Support + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Neo4j - product: Neo4j Graph Database + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Facility Expert Small Business cves: cve-2021-4104: investigated: false @@ -59904,10 +96289,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '>4.2' - - <4..2.12 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -59919,13 +96303,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Netapp - product: Multiple NetApp products + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: MSE cves: cve-2021-4104: investigated: false @@ -59933,8 +96318,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59948,13 +96334,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.netapp.com/advisory/ntap-20211210-0007/ + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Netcup - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: NetBotz750/755 cves: cve-2021-4104: investigated: false @@ -59962,8 +96348,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Software versions 5.0 through 5.3.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59977,13 +96364,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/ + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: NetGate PFSense - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: NEW630 cves: cve-2021-4104: investigated: false @@ -59991,8 +96378,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60006,13 +96394,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Netwrix - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK BOM cves: cve-2021-4104: investigated: false @@ -60020,8 +96408,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60035,13 +96424,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.netwrix.com/netwrix_statement_on_cve_2021_44228_the_apache_log4j_vulnerability.html + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: New Relic - product: Containerized Private Minion (CPM) + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK-Docgen cves: cve-2021-4104: investigated: false @@ -60050,9 +96439,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - 3.0.57 + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -60065,14 +96454,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/ - notes: New Relic is in the process of revising guidance/documentation, however - the fix version remains sufficient. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - - '[Security Bulletin NR21-04](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/)' - last_updated: '2021-12-18T00:00:00' - - vendor: New Relic - product: New Relic Java Agent + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK-TNC cves: cve-2021-4104: investigated: false @@ -60082,7 +96470,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <7.4.3 + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60096,14 +96484,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/ - notes: Initially fixed in 7.4.2, but additional vulnerability found + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - - '[New Relic tracking](https://github.com/newrelic/newrelic-java-agent/issues/605), - covers CVE-2021-44228, CVE-2021-45046' + - '' last_updated: '2021-12-20T00:00:00' - - vendor: NextCloud - product: '' + - vendor: Schneider Electric + product: SDK-UMS cves: cve-2021-4104: investigated: false @@ -60111,8 +96498,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60126,13 +96514,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nextflow - product: Nextflow + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK3D2DRenderer cves: cve-2021-4104: investigated: false @@ -60141,10 +96529,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Current software and earlier fixed_versions: [] - unaffected_versions: - - 21.04.0.5552 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60156,13 +96544,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.nextflow.io/docs/latest/index.html + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Nexus Group - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK3D360Widget cves: cve-2021-4104: investigated: false @@ -60170,8 +96558,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60185,13 +96574,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nice Software (AWS) EnginFRAME - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Select and Config DATA cves: cve-2021-4104: investigated: false @@ -60199,8 +96588,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60214,13 +96604,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.enginframe.com/ + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: NinjaRMM - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SNC-API cves: cve-2021-4104: investigated: false @@ -60228,8 +96618,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60243,14 +96634,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j- - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nomachine - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SNC-CMM cves: cve-2021-4104: investigated: false @@ -60258,8 +96648,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60273,13 +96664,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.nomachine.com/topic/apache-log4j-notification + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: NoviFlow - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SNCSEMTECH cves: cve-2021-4104: investigated: false @@ -60287,8 +96678,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60302,13 +96694,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://noviflow.com/noviflow-products-and-the-log4shell-exploit-cve-2021-44228/ + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nulab - product: Backlog + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SPIMV3 cves: cve-2021-4104: investigated: false @@ -60317,9 +96709,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - N/A (SaaS) + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -60332,13 +96724,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nulab - product: Backlog Enterprise (On-premises) + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SWBEditor cves: cve-2021-4104: investigated: false @@ -60347,9 +96739,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - < 1.11.7 + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -60362,13 +96754,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nulab - product: Cacoo + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SWBEngine cves: cve-2021-4104: investigated: false @@ -60377,9 +96769,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - N/A (SaaS) + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -60392,13 +96784,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nulab - product: Cacoo Enterprise (On-premises) + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Wiser by SE platform cves: cve-2021-4104: investigated: false @@ -60409,7 +96801,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 4.0.4 + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -60421,14 +96813,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nulab - product: Typetalk + last_updated: '2021-12-20T00:00:00' + - vendor: Schweitzer Engineering Laboratories + product: '' cves: cve-2021-4104: investigated: false @@ -60436,10 +96827,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A (SaaS) + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -60452,13 +96842,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://selinc.com/support/security-notifications/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nutanix - product: AHV + last_updated: '2021-12-21T00:00:00' + - vendor: SCM Manager + product: '' cves: cve-2021-4104: investigated: false @@ -60466,11 +96856,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60482,13 +96871,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: AOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ScreenBeam + product: '' cves: cve-2021-4104: investigated: false @@ -60496,12 +96885,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - LTS (including Prism Element) - - Community Edition + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60513,13 +96900,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://customersupport.screenbeam.com/hc/en-us/articles/4416468085389-December-2021-Security-Alert-Log4j-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: AOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SDL worldServer + product: '' cves: cve-2021-4104: investigated: false @@ -60527,10 +96914,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - STS (including Prism Element) + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -60543,13 +96929,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Patched in 6.0.2.4, available on the Portal for download. + - https://gateway.sdl.com/apex/communityknowledge?articleName=000017707 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Beam + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Seagull Scientific + product: '' cves: cve-2021-4104: investigated: false @@ -60572,13 +96958,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://support.seagullscientific.com/hc/en-us/articles/4415794235543-Apache-Log4Shell-Vulnerability + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: BeamGov + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SecurePoint + product: '' cves: cve-2021-4104: investigated: false @@ -60601,13 +96987,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://www.securepoint.de/news/details/sicherheitsluecke-log4j-securepoint-loesungen-nicht-betroffen.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Calm + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Security Onion + product: '' cves: cve-2021-4104: investigated: false @@ -60615,11 +97001,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60631,13 +97016,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Calm Tunnel VM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Securonix + product: Extended Detection and Response (XDR) cves: cve-2021-4104: investigated: false @@ -60646,10 +97031,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60661,13 +97046,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Collector + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: Next Gen SIEM cves: cve-2021-4104: investigated: false @@ -60676,10 +97061,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60691,13 +97076,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Collector Portal + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: Security Analytics and Operations Platform (SOAR) cves: cve-2021-4104: investigated: false @@ -60705,8 +97090,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60720,13 +97106,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Data Lens + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: SNYPR Application cves: cve-2021-4104: investigated: false @@ -60749,13 +97135,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Era + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: User and Entity Behavior Analytics(UEBA) cves: cve-2021-4104: investigated: false @@ -60764,10 +97150,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60779,13 +97165,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: File Analytics + last_updated: '2021-12-10T00:00:00' + - vendor: Seeburger + product: '' cves: cve-2021-4104: investigated: false @@ -60793,11 +97179,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2.1.x - - 2.2.x - - 3.0+ + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60811,14 +97194,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigated in version 3.0.1 which is available on the Portal for download. - Mitigation is available [here](https://portal.nutanix.com/kb/12499) + - https://servicedesk.seeburger.de/portal/en-US/Knowledge/Article/?defId=101040&id=25486312&COMMAND=Open + notes: This advisory is available to customers only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Files + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SentinelOne + product: '' cves: cve-2021-4104: investigated: false @@ -60826,11 +97209,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60842,13 +97224,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Flow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sentry + product: '' cves: cve-2021-4104: investigated: false @@ -60856,11 +97238,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60872,13 +97253,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://blog.sentry.io/2021/12/15/sentrys-response-to-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Flow Security Cental + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SEP + product: '' cves: cve-2021-4104: investigated: false @@ -60901,13 +97282,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://support.sep.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=132 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Foundation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Server Eye + product: '' cves: cve-2021-4104: investigated: false @@ -60915,11 +97296,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60931,13 +97311,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Frame + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ServiceNow + product: '' cves: cve-2021-4104: investigated: false @@ -60960,13 +97340,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: FrameGov + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ServiceTitan + product: ServiceTitan cves: cve-2021-4104: investigated: false @@ -60974,28 +97354,31 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://security.servicetitan.com/ + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: FSCVM + last_updated: '2022-02-07T00:00:00' + - vendor: Shibboleth + product: '' cves: cve-2021-4104: investigated: false @@ -61003,11 +97386,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61019,13 +97401,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - http://shibboleth.net/pipermail/announce/2021-December/000253.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Insights + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Shibboleth + product: All Products cves: cve-2021-4104: investigated: false @@ -61033,10 +97415,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Identity Provider>=3.0 + - All other software versions cve-2021-45046: investigated: false affected_versions: [] @@ -61048,13 +97432,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://shibboleth.net/pipermail/announce/2021-December/000253.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Karbon + last_updated: '2021-12-10T00:00:00' + - vendor: Shopify + product: '' cves: cve-2021-4104: investigated: false @@ -61062,9 +97446,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61078,13 +97461,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12483) + - https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Karbon Platform Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Siebel + product: '' cves: cve-2021-4104: investigated: false @@ -61107,13 +97490,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: LCM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Siemens + product: Affected Products cves: cve-2021-4104: investigated: false @@ -61121,11 +97504,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61137,13 +97519,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Leap + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens + product: Affected Products cves: cve-2021-4104: investigated: false @@ -61166,13 +97549,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Mine + last_updated: '2021-12-19T00:00:00' + - vendor: Siemens Energy + product: Affected Products cves: cve-2021-4104: investigated: false @@ -61180,9 +97564,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61196,13 +97579,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12484) + - https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Move + last_updated: '2021-12-21T00:00:00' + - vendor: Siemens Energy + product: Affected Products cves: cve-2021-4104: investigated: false @@ -61210,11 +97594,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61226,13 +97609,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: MSP + - vendor: Siemens Energy + product: Affected Products cves: cve-2021-4104: investigated: false @@ -61240,9 +97624,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61256,13 +97639,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) + - https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: NCC + last_updated: '2021-12-16T00:00:00' + - vendor: Siemens Healthineers + product: ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1 cves: cve-2021-4104: investigated: false @@ -61270,11 +97654,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61286,13 +97669,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: If you have determined that your Atellica Data Manager has a “Java communication + engine” service, and you require an immediate mitigation, then please contact + your Siemens Customer Care Center or your local Siemens technical support representative. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: NGT + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: CENTRALINK v16.0.2 / v16.0.3 cves: cve-2021-4104: investigated: false @@ -61300,11 +97685,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61316,13 +97700,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: If you have determined that your CentraLink has a “Java communication engine” + service, and you require a mitigation, then please contact your Siemens Customer + Care Center or your local Siemens technical support representative. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Objects + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Cios Flow S1 / Alpha / Spin VA30 cves: cve-2021-4104: investigated: false @@ -61330,9 +97716,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61346,13 +97731,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Prism Central + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Cios Select FD/I.I. VA21 / VA21-S3P cves: cve-2021-4104: investigated: false @@ -61360,10 +97745,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -61376,13 +97760,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Patched in 2021-9.0.3, available on the Portal for download. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Sizer + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: DICOM Proxy VB10A cves: cve-2021-4104: investigated: false @@ -61405,13 +97789,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Volumes + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.All, Som10 VA20 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -61419,11 +97803,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61435,13 +97818,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Witness VM + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Fit, Som10 VA30 cves: cve-2021-4104: investigated: false @@ -61449,9 +97833,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61465,13 +97848,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12491) + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: X-Ray + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Now, Som10 VA10 / VA20 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -61479,11 +97863,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61495,13 +97878,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nvidia - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Open Pro, Som10 VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -61524,13 +97908,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nvidia.custhelp.com/app/answers/detail/a_id/5294 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: NXLog - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Sim, Som10 VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -61553,13 +97938,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Objectif Lune - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -61582,13 +97968,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://learn.objectiflune.com/blog/security/statement-on-log4j-vulnerability-cve-2021-4428/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OCLC - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Up, Som10 VA10 / VA20 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -61611,13 +97998,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://oclc.service-now.com/status - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Octopus - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA + 3T NUMARIS/X VA30A cves: cve-2021-4104: investigated: false @@ -61640,13 +98029,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://advisories.octopus.com/adv/December.2306508680.html - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Okta - product: Advanced Server Access + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Altea NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -61669,13 +98060,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Access Gateway + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X + VA31A cves: cve-2021-4104: investigated: false @@ -61698,13 +98092,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta AD Agent + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Amira NUMARIS/X VA12M cves: cve-2021-4104: investigated: false @@ -61727,13 +98123,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Browser Plugin + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Free.Max NUMARIS/X VA40 cves: cve-2021-4104: investigated: false @@ -61756,13 +98154,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta IWA Web Agent + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Lumina NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -61785,13 +98185,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta LDAP Agent + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sempra NUMARIS/X VA12M cves: cve-2021-4104: investigated: false @@ -61814,13 +98216,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Mobile + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sola fit NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -61843,13 +98247,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta On-Prem MFA Agent + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sola NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -61857,9 +98263,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 1.4.6 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61873,13 +98278,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta RADIUS Server Agent + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Vida fit NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -61887,9 +98294,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 2.17.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61903,13 +98309,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Verify + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Vida NUMARIS/X VA10A* / VA20A cves: cve-2021-4104: investigated: false @@ -61932,13 +98340,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Workflows + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A cves: cve-2021-4104: investigated: false @@ -61961,13 +98371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Onespan - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Somatom Emotion Som5 VC50 cves: cve-2021-4104: investigated: false @@ -61990,13 +98400,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.onespan.com/remote-code-execution-vulnerability-in-log4j2-cve-2018-11776 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Opengear - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Somatom Scope Som5 VC50 cves: cve-2021-4104: investigated: false @@ -62019,13 +98429,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OpenMRS TALK - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A cves: cve-2021-4104: investigated: false @@ -62048,13 +98458,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OpenNMS - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Syngo MobileViewer VA10A cves: cve-2021-4104: investigated: false @@ -62077,13 +98487,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: The vulnerability will be patch/mitigated in upcoming releases/patches. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OpenSearch - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 + / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 cves: cve-2021-4104: investigated: false @@ -62106,13 +98517,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OpenText - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 + - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 cves: cve-2021-4104: investigated: false @@ -62135,13 +98547,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.opentext.com/support/log4j-remote-code-execution-advisory - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: Please contact your Customer Service to get support on mitigating the vulnerability. references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Opto 22 - product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 + - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B + / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 + / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 cves: cve-2021-4104: investigated: false @@ -62149,43 +98564,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 4.3g - fixed_versions: - - 4.3g - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software - references: - - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GROOV-AT1, GROOV-AT1-SNAP - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - < 4.3g - fixed_versions: - - 4.3g - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62197,13 +98579,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo.via WebViewer VA13B / VA20A / VA20B cves: cve-2021-4104: investigated: false @@ -62211,11 +98593,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 4.3g - fixed_versions: - - 4.3g + investigated: false + affected_versions: [] + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62228,13 +98608,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GRV-EPIC-PR1, GRV-EPIC-PR2 + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: X.Ceed Somaris 10 VA40* cves: cve-2021-4104: investigated: false @@ -62242,11 +98622,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 3.3.2 - fixed_versions: - - 3.3.2 + investigated: false + affected_versions: [] + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62259,13 +98637,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Oracle - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: X.Cite Somaris 10 VA30*/VA40* cves: cve-2021-4104: investigated: false @@ -62288,14 +98667,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: The support document is available to customers only and has not been reviewed - by CISA + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Oracle - product: Enterprise Manager + last_updated: '2021-12-22T00:00:00' + - vendor: Sierra Wireless + product: '' cves: cve-2021-4104: investigated: false @@ -62303,10 +98682,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '13.5' - - 13.4 & 13.3.2 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -62320,15 +98697,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: Patch status and other security guidance is restricted to Oracle account/support - members. The support document is available to customers only and has not been - reviewed by CISA. + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Oracle - product: Exadata + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sierra Wireless + product: AirVantage and Octave cloud platforms cves: cve-2021-4104: investigated: false @@ -62336,9 +98711,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <21.3.4 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -62352,15 +98726,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: Patch status and other security guidance is restricted to Oracle account/support - members. The support document is available to customers only and has not been - reviewed by CISA. + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs + notes: These systems do not operate with the specific non-standard configuration + required for CVE-2021-25046 and hence were not vulnerable to it. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Orgavision - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Sierra Wireless + product: AM/AMM servers cves: cve-2021-4104: investigated: false @@ -62383,13 +98756,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Osirium - product: PAM + last_updated: '2022-01-05T00:00:00' + - vendor: Signald + product: '' cves: cve-2021-4104: investigated: false @@ -62412,13 +98785,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability + - https://gitlab.com/signald/signald/-/issues/259 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Osirium - product: PEM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Silver Peak + product: Orchestrator, Silver Peak GMS cves: cve-2021-4104: investigated: false @@ -62441,13 +98814,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability - notes: '' + - https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf + notes: Customer managed Orchestrator and legacy GMS products are affected by this + vulnerability. This includes on-premise and customer managed instances running + in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective + Action Required for details about how to mitigate this exploit. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Osirium - product: PPA + last_updated: '2021-12-14T00:00:00' + - vendor: SingleWire + product: '' cves: cve-2021-4104: investigated: false @@ -62470,12 +98846,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability - notes: '' + - https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OTRS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SISCO product: '' cves: cve-2021-4104: @@ -62499,12 +98876,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.otrs.com/external + - https://sisconet.com/sisco-news/log4j/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OVHCloud + last_updated: '2022-01-05T00:00:00' + - vendor: Sitecore product: '' cves: cve-2021-4104: @@ -62528,12 +98905,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.ovhcloud.com/log4shell-how-to-protect-my-cloud-workloads/ + - https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OwnCloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Skillable product: '' cves: cve-2021-4104: @@ -62557,13 +98934,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://central.owncloud.org/t/owncloud-not-directly-affected-by-log4j-vulnerability/35493 + - https://skillable.com/log4shell/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OxygenXML - product: Author + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SLF4J + product: '' cves: cve-2021-4104: investigated: false @@ -62585,13 +98962,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - http://slf4j.org/log4shell.html + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Developer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Slurm + product: Slurm cves: cve-2021-4104: investigated: false @@ -62599,10 +98977,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 20.11.8 cve-2021-45046: investigated: false affected_versions: [] @@ -62613,13 +98992,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://slurm.schedmd.com/documentation.html + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Editor + last_updated: '2021-12-21T00:00:00' + - vendor: SMA Solar Technology AG + product: '' cves: cve-2021-4104: investigated: false @@ -62641,13 +99021,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://files.sma.de/downloads/HK_Log4j-en-10.pdf?_ga=2.237963714.352491368.1640298543-2015796445.1640298540 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen Content Fusion + last_updated: '2022-01-05T00:00:00' + - vendor: SmartBear + product: '' cves: cve-2021-4104: investigated: false @@ -62655,11 +99036,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '2.0' - - '3.0' - - '4.1' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -62672,13 +99050,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://smartbear.com/security/cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen Feedback Enterprise + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SmileCDR + product: '' cves: cve-2021-4104: investigated: false @@ -62686,9 +99065,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 1.4.4 & older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -62701,13 +99079,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen License Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sn0m + product: '' cves: cve-2021-4104: investigated: false @@ -62715,9 +99094,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - v22.1 to v24.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -62730,13 +99108,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen PDF Chemistry + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snakemake + product: Snakemake cves: cve-2021-4104: investigated: false @@ -62745,13 +99124,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - v22.1 - - '23.0' - - '23.1' - - '24.0' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 6.12.1 cve-2021-45046: investigated: false affected_versions: [] @@ -62762,13 +99138,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://snakemake.readthedocs.io/en/stable/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen SDK + last_updated: '2021-12-21T00:00:00' + - vendor: Snow Software + product: Snow Commander cves: cve-2021-4104: investigated: false @@ -62776,9 +99153,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 8.1 to 8.10.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -62790,13 +99168,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Plugins (see advisory link) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snow Software + product: VM Access Proxy cves: cve-2021-4104: investigated: false @@ -62804,9 +99183,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v3.1 to v3.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -62818,13 +99198,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Publishing Engine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snowflake + product: '' cves: cve-2021-4104: investigated: false @@ -62846,13 +99227,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Web Author + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snyk + product: Cloud Platform cves: cve-2021-4104: investigated: false @@ -62874,13 +99256,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: WebHelp + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Software AG + product: '' cves: cve-2021-4104: investigated: false @@ -62902,13 +99285,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: PagerDuty - product: PagerDuty SaaS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SolarWinds + product: Database Performance Analyzer (DPA) cves: cve-2021-4104: investigated: false @@ -62916,8 +99300,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2021.1.x + - 2021.3.x + - 2022.1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -62931,16 +99318,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability - notes: We currently see no evidence of compromises on our platform. Our teams - continue to monitor for new developments and for impacts on sub-processors and - dependent systems. PagerDuty SaaS customers do not need to take any additional - action for their PagerDuty SaaS environment + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + notes: 'For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QF-Test - product: '' + last_updated: '2021-12-23T00:00:00' + - vendor: SolarWinds + product: Orion Platform cves: cve-2021-4104: investigated: false @@ -62963,13 +99347,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Qlik - product: '' + last_updated: '2021-12-23T00:00:00' + - vendor: SolarWinds + product: Server & Application Monitor (SAM) cves: cve-2021-4104: investigated: false @@ -62977,8 +99361,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - SAM 2020.2.6 and later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -62992,13 +99377,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 - notes: '' + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + notes: 'For more information, please see the following KB article for the latest + details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: QMATIC - product: Appointment Booking + last_updated: '2021-12-23T00:00:00' + - vendor: SonarSource + product: '' cves: cve-2021-4104: investigated: false @@ -63006,9 +99392,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2.4+ + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -63022,13 +99407,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: Update to v. 2.8.2 which contains log4j 2.16 + - https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Appointment Booking + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sonatype + product: All Products cves: cve-2021-4104: investigated: false @@ -63037,10 +99422,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Cloud/Managed Service + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Versions cve-2021-45046: investigated: false affected_versions: [] @@ -63052,13 +99437,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-15 + - https://help.sonatype.com/docs/important-announcements/sonatype-product-log4j-vulnerability-status + notes: Sonatype uses logback as the default logging solution as opposed to log4j. + This means our software including Nexus Lifecycle, Nexus Firewall, Nexus Repository + OSS and Nexus Repository Pro in versions 2.x and 3.x are NOT affected by the + reported log4j vulnerabilities. We still advise keeping your software upgraded + at the latest version. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Insights + last_updated: '2021-12-29T00:00:00' + - vendor: SonicWall + product: Access Points cves: cve-2021-4104: investigated: false @@ -63066,9 +99455,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Cloud + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -63082,13 +99470,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-16 + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SonicWall Access Points references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Orchestra Central + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Analytics cves: cve-2021-4104: investigated: false @@ -63096,11 +99484,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 6.0+ + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -63112,13 +99499,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QNAP - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Analyzer cves: cve-2021-4104: investigated: false @@ -63141,13 +99528,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: QOPPA - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Capture Client & Capture Client Portal cves: cve-2021-4104: investigated: false @@ -63170,13 +99557,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the Capture Client. references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: QSC Q-SYS - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Capture Security Appliance cves: cve-2021-4104: investigated: false @@ -63199,13 +99586,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228 - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the Capture Security appliance. references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: QT - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: CAS cves: cve-2021-4104: investigated: false @@ -63228,13 +99615,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Quest Global - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Email Security cves: cve-2021-4104: investigated: false @@ -63257,43 +99644,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Runecast - product: Runecast Analyzer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - 6.0.3 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.runecast.com/release-notes - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: ES 10.0.11 and earlier versions are impacted references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SAE-IT - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: SonicWall + product: Gen5 Firewalls (EOS) cves: cve-2021-4104: investigated: false @@ -63316,13 +99673,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SAFE FME Server - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Gen6 Firewalls cves: cve-2021-4104: investigated: false @@ -63345,13 +99702,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SAGE - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Gen7 Firewalls cves: cve-2021-4104: investigated: false @@ -63374,13 +99731,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228 - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SailPoint - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: GMS cves: cve-2021-4104: investigated: false @@ -63403,14 +99760,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Salesforce - product: Analytics Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: MSW cves: cve-2021-4104: investigated: false @@ -63433,15 +99789,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Analytics Cloud is reported to be affected by CVE-2021-44228. Services - have been updated to mitigate the issues identified in CVE-2021-44228 and we - are executing our final validation steps."' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Mysonicwall service doesn't use Log4j references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: B2C Commerce Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: NSM cves: cve-2021-4104: investigated: false @@ -63464,14 +99818,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"B2C Commerce Cloud is reported to be affected by CVE-2021-44228. The - service is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: NSM On-Prem and SaaS doesn't use a vulnerable version references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: ClickSoftware (As-a-Service) + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SMA 100 cves: cve-2021-4104: investigated: false @@ -63494,14 +99847,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"ClickSoftware (As-a-Service) is reported to be affected by CVE-2021-44228. - The service is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SMA100 appliance. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: ClickSoftware (On-Premise) + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SMA 1000 cves: cve-2021-4104: investigated: false @@ -63524,13 +99876,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Please contact Customer Support."' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Version 12.1.0 and 12.4.1 doesn't use a vulnerable version references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Community Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SonicCore cves: cve-2021-4104: investigated: false @@ -63553,14 +99905,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Community Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: SonicCore doesn't use a Log4j2 references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Data.com + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SonicWall Switch cves: cve-2021-4104: investigated: false @@ -63583,45 +99934,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Data.com is reported to be affected by CVE-2021-44228. The service has - a mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: DataLoader - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - <=53.0.0 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SonicWall Switch. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Salesforce - product: Datorama + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WAF cves: cve-2021-4104: investigated: false @@ -63644,15 +99963,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Datorama is reported to be affected by CVE-2021-44228. The service has - a mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Evergage (Interaction Studio) + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WNM cves: cve-2021-4104: investigated: false @@ -63675,15 +99992,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. - Services have been updated to mitigate the issues identified in CVE-2021-44228 - and we are executing our final validation steps."' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the WNM. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Force.com + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WXA cves: cve-2021-4104: investigated: false @@ -63706,14 +100021,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Force.com is reported to be affected by CVE-2021-44228. The service is - being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: WXA doesn't use a vulnerable version references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Heroku + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Cloud Optix cves: cve-2021-4104: investigated: false @@ -63736,14 +100050,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Heroku is reported to not be affected by CVE-2021-44228; no further action - is necessary at this time."' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Users may have noticed a brief outage around 12:30 GMT as updates were + deployed. There was no evidence that the vulnerability was exploited and to + our knowledge no customers are impacted. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Marketing Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Reflexion cves: cve-2021-4104: investigated: false @@ -63766,14 +100081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Marketing Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Reflexion does not run an exploitable configuration. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: MuleSoft (Cloud) + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: SG UTM (all versions) cves: cve-2021-4104: investigated: false @@ -63796,14 +100110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"MuleSoft (Cloud) is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos SG UTM does not use Log4j. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: MuleSoft (On-Premise) + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: SG UTM Manager (SUM) (all versions) cves: cve-2021-4104: investigated: false @@ -63811,10 +100124,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -63826,13 +100140,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Please contact Customer Support."' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: SUM does not use Log4j. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Pardot + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Central cves: cve-2021-4104: investigated: false @@ -63855,14 +100169,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Pardot is reported to be affected by CVE-2021-44228. The service is being - updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Central does not run an exploitable configuration. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Sales Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Firewall (all versions) cves: cve-2021-4104: investigated: false @@ -63885,14 +100198,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Sales Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Firewall does not use Log4j. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Service Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Home cves: cve-2021-4104: investigated: false @@ -63915,14 +100227,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Service Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Home does not use Log4j. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Slack + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Mobile cves: cve-2021-4104: investigated: false @@ -63945,15 +100256,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Slack is reported to be affected by CVE-2021-44228. The service has a - mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable + configuration. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Social Studio + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Mobile EAS Proxy cves: cve-2021-4104: investigated: false @@ -63961,8 +100271,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 9.7.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -63976,15 +100287,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Social Studio is reported to be affected by CVE-2021-44228. The service - has a mitigation in place and is being updated to remediate the vulnerability - identified in CVE-2021-44228."' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers + will need to download and install version 9.7.2, available from Monday December + 13, 2021, on the same machine where it is currently running. PowerShell mode + is not affected. Customers can download the Standalone EAS Proxy Installer version + 9.7.2 from the Sophos website. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Tableau (On-Premise) + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos ZTNA cves: cve-2021-4104: investigated: false @@ -63992,10 +100305,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 2021.4.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -64008,13 +100320,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell - notes: Fixed in 2021.4.1 + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos ZTNA does not use Log4j. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Salesforce - product: Tableau (Online) + last_updated: '2021-12-12T00:00:00' + - vendor: SOS Berlin + product: '' cves: cve-2021-4104: investigated: false @@ -64037,14 +100349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Tableau (Online) is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Samsung Electronics America - product: Knox Admin Portal + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spacelabs Healthcare + product: ABP cves: cve-2021-4104: investigated: false @@ -64056,26 +100367,27 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - OnTrak + - 90217A + - and 90207 cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Asset Intelligence + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: CardioExpress cves: cve-2021-4104: investigated: false @@ -64087,26 +100399,27 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - SL6A + - SL12A + - and SL18A cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Configure + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: DM3 and DM4 Monitors cves: cve-2021-4104: investigated: false @@ -64114,30 +100427,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox E-FOTA One + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Eclipse Pro cves: cve-2021-4104: investigated: false @@ -64145,30 +100456,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Guard + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: EVO cves: cve-2021-4104: investigated: false @@ -64176,30 +100485,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox License Management + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Intesys Clinical Suite (ICS) cves: cve-2021-4104: investigated: false @@ -64207,30 +100514,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Manage + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Intesys Clinical Suite (ICS) Clinical Access Workstations cves: cve-2021-4104: investigated: false @@ -64238,16 +100543,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -64255,13 +100558,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Managed Services Provider (MSP) + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Lifescreen Pro cves: cve-2021-4104: investigated: false @@ -64269,30 +100572,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Mobile Enrollment + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Pathfinder SL cves: cve-2021-4104: investigated: false @@ -64300,30 +100601,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Reseller Portal + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Qube cves: cve-2021-4104: investigated: false @@ -64333,14 +100632,13 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Cloud - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '91390' cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -64348,13 +100646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Sangoma - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Qube Mini cves: cve-2021-4104: investigated: false @@ -64362,10 +100660,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91389' cve-2021-45046: investigated: false affected_versions: [] @@ -64377,13 +100676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.sangoma.com/community/s/article/Log4Shell + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SAP - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: SafeNSound cves: cve-2021-4104: investigated: false @@ -64391,9 +100690,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -64406,14 +100706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: Version >4.3.1 - Not Affected references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAP Advanced Platform - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Sentinel cves: cve-2021-4104: investigated: false @@ -64436,14 +100735,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://launchpad.support.sap.com/#/notes/3130698 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAP BusinessObjects - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Spacelabs Cloud cves: cve-2021-4104: investigated: false @@ -64466,14 +100764,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blogs.sap.com/2021/12/16/cve-2021-44228-impact-of-log4j-vulnerability-on-sap-businessobjects/ - notes: The support document is available to customers only and has not been reviewed - by CISA + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAS - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Ultraview SL cves: cve-2021-4104: investigated: false @@ -64481,10 +100778,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91367' + - '91369' + - '91370' + - and 91387 cve-2021-45046: investigated: false affected_versions: [] @@ -64496,13 +100797,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SASSAFRAS - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Xhibit Telemetry Receiver (XTR) cves: cve-2021-4104: investigated: false @@ -64510,10 +100811,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '96280' cve-2021-45046: investigated: false affected_versions: [] @@ -64525,13 +100827,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sassafras.com/log4j-vulnerability-cve-2021-44228/ + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Savignano software solutions - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Xhibit, XC4 cves: cve-2021-4104: investigated: false @@ -64539,10 +100841,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Xhibit 96102 + - XC4 96501 cve-2021-45046: investigated: false affected_versions: [] @@ -64554,13 +100858,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://savignano.atlassian.net/wiki/spaces/SNOTIFY/blog/2021/12/13/2839740417/No+Log4j+Vulnerability+in+S+Notify + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SBT - product: SBT + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: XprezzNet cves: cve-2021-4104: investigated: false @@ -64569,10 +100873,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <1.5.6 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '96190' cve-2021-45046: investigated: false affected_versions: [] @@ -64584,13 +100888,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/sbt/sbt/releases/tag/v1.5.7 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: ScaleComputing - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Xprezzon cves: cve-2021-4104: investigated: false @@ -64598,10 +100902,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91393' cve-2021-45046: investigated: false affected_versions: [] @@ -64613,13 +100918,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.scalecomputing.com/s/article/Apache-Log4j-Vulnerability - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: ScaleFusion MobileLock Pro + last_updated: '2022-01-05T00:00:00' + - vendor: Spambrella product: '' cves: cve-2021-4104: @@ -64643,13 +100947,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mobilock.in/article/t9sx43yg44-scalefusion-security-advisory-for-apache-log-4-j-vulnerability-cve-2021-44228 + - https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Schneider Electric - product: EASYFIT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spigot + product: '' cves: cve-2021-4104: investigated: false @@ -64657,9 +100961,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64673,13 +100976,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Ecoreal XL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Splunk + product: Data Stream Processor cves: cve-2021-4104: investigated: false @@ -64689,7 +100992,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - DSP 1.0.x + - DSP 1.1.x + - DSP 1.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64703,13 +101008,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: EcoStruxure IT Expert + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) cves: cve-2021-4104: investigated: false @@ -64718,39 +101023,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Cloud - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: EcoStruxure IT Gateway - cves: - cve-2021-4104: - investigated: false - affected_versions: [] + affected_versions: + - '4.11' + - 4.10.x (Cloud only) + - 4.9.x fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - V1.5.0 to V1.13.0 - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -64762,13 +101040,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Eurotherm Data Reviewer + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) cves: cve-2021-4104: investigated: false @@ -64778,7 +101056,13 @@ software: cve-2021-44228: investigated: true affected_versions: - - V3.0.2 and prior + - 4.11.0 + - 4.10.x (Cloud only) + - 4.9.x + - 4.8.x (Cloud only) + - 4.7.x + - 4.6.x + - 4.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64792,13 +101076,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Facility Expert Small Business + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) cves: cve-2021-4104: investigated: false @@ -64807,9 +101091,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Cloud + affected_versions: + - 5.2.0 and older + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -64822,13 +101106,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: MSE + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) cves: cve-2021-4104: investigated: false @@ -64838,7 +101122,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64852,13 +101136,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: NetBotz750/755 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Application Performance Monitoring cves: cve-2021-4104: investigated: false @@ -64868,7 +101152,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Software versions 5.0 through 5.3.0 + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64882,13 +101166,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: NEW630 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Connect for Kafka cves: cve-2021-4104: investigated: false @@ -64898,7 +101182,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - All versions prior to 2.0.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64912,13 +101196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK BOM + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Enterprise (including instance types like Heavy Forwarders) cves: cve-2021-4104: investigated: false @@ -64928,7 +101212,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - All supported non-Windows versions of 8.1.x and 8.2.x only if DFS is used. + See Removing Log4j from Splunk Enterprise below for guidance on unsupported + versions. fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64942,13 +101228,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-Docgen + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Enterprise Amazon Machine Image (AMI) cves: cve-2021-4104: investigated: false @@ -64958,7 +101244,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - See Splunk Enterprise fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64972,13 +101258,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-TNC + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Enterprise Docker Container cves: cve-2021-4104: investigated: false @@ -64988,7 +101274,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - See Splunk Enterprise fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65002,13 +101288,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-UMS + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Infrastructure Monitoring cves: cve-2021-4104: investigated: false @@ -65018,7 +101304,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65032,13 +101318,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK3D2DRenderer + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Log Observer cves: cve-2021-4104: investigated: false @@ -65048,7 +101334,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65062,13 +101348,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK3D360Widget + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Logging Library for Java cves: cve-2021-4104: investigated: false @@ -65078,7 +101364,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - 1.11.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65092,13 +101378,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Select and Config DATA + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk On-call / VictorOps cves: cve-2021-4104: investigated: false @@ -65108,7 +101394,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65122,13 +101408,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNC-API + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) cves: cve-2021-4104: investigated: false @@ -65138,7 +101424,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - 4.0.3 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65152,13 +101438,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNC-CMM + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) cves: cve-2021-4104: investigated: false @@ -65168,7 +101454,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - 4.2.1 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65182,13 +101468,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNCSEMTECH + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Real User Monitoring cves: cve-2021-4104: investigated: false @@ -65198,7 +101484,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65212,13 +101498,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SPIMV3 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) cves: cve-2021-4104: investigated: false @@ -65228,7 +101514,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65242,13 +101528,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SWBEditor + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Synthetics cves: cve-2021-4104: investigated: false @@ -65258,7 +101544,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65272,13 +101558,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SWBEngine + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk UBA OVA Software cves: cve-2021-4104: investigated: false @@ -65288,7 +101574,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - 5.0.3a + - 5.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65302,13 +101589,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Wiser by SE platform + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) cves: cve-2021-4104: investigated: false @@ -65317,9 +101604,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Cloud + affected_versions: + - 1.1.1 and older + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -65331,12 +101618,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schweitzer Engineering Laboratories + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Sprecher Automation product: '' cves: cve-2021-4104: @@ -65360,13 +101648,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://selinc.com/support/security-notifications/ + - https://www.sprecher-automation.com/en/it-security/security-alerts notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: SCM Manager - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spring + product: Spring Boot cves: cve-2021-4104: investigated: false @@ -65389,12 +101677,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ - notes: '' + - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot + notes: Spring Boot users are only affected by this vulnerability if they have + switched the default logging system to Log4J2 references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: ScreenBeam + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spring Boot product: '' cves: cve-2021-4104: @@ -65418,12 +101707,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://customersupport.screenbeam.com/hc/en-us/articles/4416468085389-December-2021-Security-Alert-Log4j-CVE-2021-44228 + - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SDL worldServer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: StarDog product: '' cves: cve-2021-4104: @@ -65447,13 +101736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gateway.sdl.com/apex/communityknowledge?articleName=000017707 + - https://community.stardog.com/t/stardog-7-8-1-available/3411 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Seagull Scientific - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: STERIS + product: Advantage cves: cve-2021-4104: investigated: false @@ -65476,13 +101765,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.seagullscientific.com/hc/en-us/articles/4415794235543-Apache-Log4Shell-Vulnerability + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SecurePoint - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Advantage Plus cves: cve-2021-4104: investigated: false @@ -65505,13 +101794,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securepoint.de/news/details/sicherheitsluecke-log4j-securepoint-loesungen-nicht-betroffen.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Security Onion - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 2000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -65534,13 +101823,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Securonix - product: Extended Detection and Response (XDR) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 3000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -65548,9 +101837,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65564,13 +101852,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: Next Gen SIEM + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 400 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -65578,9 +101866,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65594,13 +101881,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: Security Analytics and Operations Platform (SOAR) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 400 SMALL STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -65608,9 +101895,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65624,13 +101910,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: SNYPR Application + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 5000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -65653,13 +101939,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: User and Entity Behavior Analytics(UEBA) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 600 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -65667,9 +101953,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65683,13 +101968,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Seeburger - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 7000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -65712,14 +101997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://servicedesk.seeburger.de/portal/en-US/Knowledge/Article/?defId=101040&id=25486312&COMMAND=Open - notes: This advisory is available to customers only and has not been reviewed - by CISA. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SentinelOne - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO CENTURY MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -65742,13 +102026,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Sentry - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO CENTURY SMALL STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -65771,13 +102055,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.sentry.io/2021/12/15/sentrys-response-to-log4j-vulnerability-cve-2021-44228 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SEP - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -65800,13 +102084,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sep.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=132 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Server Eye - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -65829,13 +102113,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: ServiceNow - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -65858,13 +102142,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Shibboleth - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Canexis 1.0 cves: cve-2021-4104: investigated: false @@ -65887,13 +102171,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://shibboleth.net/pipermail/announce/2021-December/000253.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Shibboleth - product: All Products + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: CELERITY HP INCUBATOR cves: cve-2021-4104: investigated: false @@ -65901,12 +102185,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Identity Provider>=3.0 - - All other software versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -65918,13 +102200,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://shibboleth.net/pipermail/announce/2021-December/000253.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Shopify - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: CELERITY STEAM INCUBATOR cves: cve-2021-4104: investigated: false @@ -65947,13 +102229,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Siebel - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: CER Optima cves: cve-2021-4104: investigated: false @@ -65976,43 +102258,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Siemens Energy - product: Affected Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' - references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Siemens Energy - product: Affected Products + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Clarity Software cves: cve-2021-4104: investigated: false @@ -66035,14 +102287,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Siemens Energy - product: Affected Products + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Connect Software cves: cve-2021-4104: investigated: false @@ -66065,14 +102316,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Siemens Healthineers - product: ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1 + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: ConnectAssure Technology cves: cve-2021-4104: investigated: false @@ -66095,15 +102345,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: If you have determined that your Atellica Data Manager has a “Java communication - engine” service, and you require an immediate mitigation, then please contact - your Siemens Customer Care Center or your local Siemens technical support representative. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: CENTRALINK v16.0.2 / v16.0.3 + - vendor: STERIS + product: ConnectoHIS cves: cve-2021-4104: investigated: false @@ -66126,15 +102374,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: If you have determined that your CentraLink has a “Java communication engine” - service, and you require a mitigation, then please contact your Siemens Customer - Care Center or your local Siemens technical support representative. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Cios Flow S1 / Alpha / Spin VA30 + - vendor: STERIS + product: CS-iQ Sterile Processing Workflow cves: cve-2021-4104: investigated: false @@ -66157,13 +102403,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Cios Select FD/I.I. VA21 / VA21-S3P + - vendor: STERIS + product: DSD Edge cves: cve-2021-4104: investigated: false @@ -66186,13 +102432,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: DICOM Proxy VB10A + - vendor: STERIS + product: DSD-201, cves: cve-2021-4104: investigated: false @@ -66215,13 +102461,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.All, Som10 VA20 / VA30 / VA40 + - vendor: STERIS + product: EndoDry cves: cve-2021-4104: investigated: false @@ -66244,14 +102490,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Fit, Som10 VA30 + - vendor: STERIS + product: Endora cves: cve-2021-4104: investigated: false @@ -66274,14 +102519,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Now, Som10 VA10 / VA20 / VA30 / VA40 + - vendor: STERIS + product: Harmony iQ Integration Systems cves: cve-2021-4104: investigated: false @@ -66304,14 +102548,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Open Pro, Som10 VA30 / VA40 + - vendor: STERIS + product: Harmony iQ Perspectives Image Management System cves: cve-2021-4104: investigated: false @@ -66334,14 +102577,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Sim, Som10 VA30 / VA40 + - vendor: STERIS + product: HexaVue cves: cve-2021-4104: investigated: false @@ -66364,14 +102606,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40 + - vendor: STERIS + product: HexaVue Integration System cves: cve-2021-4104: investigated: false @@ -66394,14 +102635,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Up, Som10 VA10 / VA20 / VA30 / VA40 + - vendor: STERIS + product: IDSS Integration System cves: cve-2021-4104: investigated: false @@ -66424,15 +102664,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA - 3T NUMARIS/X VA30A + - vendor: STERIS + product: RapidAER cves: cve-2021-4104: investigated: false @@ -66455,15 +102693,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Altea NUMARIS/X VA20A + - vendor: STERIS + product: ReadyTracker cves: cve-2021-4104: investigated: false @@ -66486,16 +102722,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X - VA31A + - vendor: STERIS + product: RealView Visual Workflow Management System cves: cve-2021-4104: investigated: false @@ -66518,15 +102751,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Amira NUMARIS/X VA12M + - vendor: STERIS + product: RELIANCE 444 WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -66549,15 +102780,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Free.Max NUMARIS/X VA40 + - vendor: STERIS + product: RELIANCE SYNERGY WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -66580,15 +102809,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Lumina NUMARIS/X VA20A + - vendor: STERIS + product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -66611,15 +102838,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sempra NUMARIS/X VA12M + - vendor: STERIS + product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -66642,15 +102867,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sola fit NUMARIS/X VA20A + - vendor: STERIS + product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -66673,15 +102896,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sola NUMARIS/X VA20A + - vendor: STERIS + product: Renatron cves: cve-2021-4104: investigated: false @@ -66704,15 +102925,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Vida fit NUMARIS/X VA20A + - vendor: STERIS + product: ScopeBuddy+ cves: cve-2021-4104: investigated: false @@ -66735,15 +102954,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Vida NUMARIS/X VA10A* / VA20A + - vendor: STERIS + product: SecureCare ProConnect Technical Support Services cves: cve-2021-4104: investigated: false @@ -66766,15 +102983,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A + - vendor: STERIS + product: Situational Awareness for Everyone Display (S.A.F.E.) cves: cve-2021-4104: investigated: false @@ -66797,13 +103012,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Somatom Emotion Som5 VC50 + - vendor: STERIS + product: SPM Surgical Asset Tracking Software cves: cve-2021-4104: investigated: false @@ -66826,13 +103041,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Somatom Scope Som5 VC50 + - vendor: STERIS + product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM cves: cve-2021-4104: investigated: false @@ -66855,13 +103070,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A + - vendor: STERIS + product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -66884,13 +103099,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Syngo MobileViewer VA10A + - vendor: STERIS + product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -66913,14 +103128,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: The vulnerability will be patch/mitigated in upcoming releases\patches. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 - / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 + - vendor: STERIS + product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -66943,14 +103157,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 + - vendor: STERIS + product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -66973,16 +103186,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: Please contact your Customer Service to get support on mitigating the vulnerability. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B - / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 - / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 + - vendor: STERIS + product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -67005,13 +103215,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo.via WebViewer VA13B / VA20A / VA20B + - vendor: STERIS + product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS cves: cve-2021-4104: investigated: false @@ -67034,13 +103244,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: X.Ceed Somaris 10 VA40* + - vendor: Sterling Order IBM + product: '' cves: cve-2021-4104: investigated: false @@ -67063,14 +103273,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.ibm.com/support/pages/node/6525544 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: X.Cite Somaris 10 VA30*/VA40* + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Storagement + product: '' cves: cve-2021-4104: investigated: false @@ -67093,14 +103302,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.storagement.de/index.php?action=topicofthemonth&site=log4j + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens - product: Affected Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: StormShield + product: '' cves: cve-2021-4104: investigated: false @@ -67123,14 +103331,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://www.stormshield.com/news/log4shell-security-alert-stormshield-product-response/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens - product: Affected Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: StrangeBee TheHive & Cortex + product: '' cves: cve-2021-4104: investigated: false @@ -67153,13 +103360,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://blog.strangebee.com/apache-log4j-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Sierra Wireless + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Stratodesk product: '' cves: cve-2021-4104: @@ -67183,13 +103389,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/ + - http://cdn.stratodesk.com/repository/notouch-center/10/4.5.231/0/ReleaseNotes-Stratodesk-NoTouch_Center-4.5.231.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Sierra Wireless - product: AirVantage and Octave cloud platforms + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Strimzi + product: '' cves: cve-2021-4104: investigated: false @@ -67212,14 +103418,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs - notes: These systems do not operate with the specific non-standard configuration - required for CVE-2021-25046 and hence were not vulnerable to it. + - https://strimzi.io/blog/2021/12/14/strimzi-and-log4shell/ + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Sierra Wireless - product: AM/AMM servers + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Stripe + product: '' cves: cve-2021-4104: investigated: false @@ -67242,12 +103447,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs + - https://support.stripe.com/questions/update-for-apache-log4j-vulnerability-(cve-2021-44228) notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Signald + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Styra product: '' cves: cve-2021-4104: @@ -67271,13 +103476,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/signald/signald/-/issues/259 + - https://blog.styra.com/blog/newest-log4j-security-vulnerability-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Silver Peak - product: Orchestrator, Silver Peak GMS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sumologic + product: '' cves: cve-2021-4104: investigated: false @@ -67300,15 +103505,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf - notes: Customer managed Orchestrator and legacy GMS products are affected by this - vulnerability. This includes on-premise and customer managed instances running - in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective - Action Required for details about how to mitigate this exploit. + - https://docs.google.com/document/d/e/2PACX-1vSdeODZ2E5k0aZgHm06OJWhDQWgtxxB0ZIrTsuQjg5xaoxlogmTVGdOWoSFtDlZBdHzY6ET6k6Sk-g1/pub + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: SingleWire + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SumoLogic product: '' cves: cve-2021-4104: @@ -67332,13 +103534,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12 + notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SISCO + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Superna EYEGLASS product: '' cves: cve-2021-4104: @@ -67362,12 +103563,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sisconet.com/sisco-news/log4j/ + - https://manuals.supernaeyeglass.com/project-technical-advisories-all-products/HTML/technical-advisories.html#h2__1912345025 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Sitecore + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Suprema Inc product: '' cves: cve-2021-4104: @@ -67391,12 +103592,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391 + - https://www.supremainc.com/en/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Skillable + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SUSE product: '' cves: cve-2021-4104: @@ -67420,12 +103621,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://skillable.com/log4shell/ + - https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SLF4J + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sweepwidget product: '' cves: cve-2021-4104: @@ -67449,13 +103650,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://slf4j.org/log4shell.html + - https://sweepwidget.com/view/23032-v9f40ns1/4zow83-23032 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Slurm - product: Slurm + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Swyx + product: '' cves: cve-2021-4104: investigated: false @@ -67463,11 +103664,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 20.11.8 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -67479,12 +103679,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://slurm.schedmd.com/documentation.html + - https://service.swyx.net/hc/de/articles/4412323539474 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: SMA Solar Technology AG + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Synchro MSP product: '' cves: cve-2021-4104: @@ -67508,12 +103708,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://files.sma.de/downloads/HK_Log4j-en-10.pdf?_ga=2.237963714.352491368.1640298543-2015796445.1640298540 + - https://community.syncromsp.com/t/log4j-rce-cve-2021-4428/1350 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: SmartBear + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Syncplify product: '' cves: cve-2021-4104: @@ -67537,12 +103737,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://smartbear.com/security/cve-2021-44228/ + - https://blog.syncplify.com/no-we-are-not-affected-by-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SmileCDR + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Synology product: '' cves: cve-2021-4104: @@ -67566,12 +103766,41 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 + - https://www.synology.com/en-global/security/advisory/Synology_SA_21_30 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Sn0m + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Synopsys + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Syntevo product: '' cves: cve-2021-4104: @@ -67595,13 +103824,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ + - https://www.syntevo.com/blog/?p=5240 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Snakemake - product: Snakemake + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SysAid + product: '' cves: cve-2021-4104: investigated: false @@ -67609,11 +103838,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 6.12.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -67625,13 +103853,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://snakemake.readthedocs.io/en/stable/ + - https://www.sysaid.com/lp/important-update-regarding-apache-log4j notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Snow Software - product: Snow Commander + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sysdig + product: '' cves: cve-2021-4104: investigated: false @@ -67639,10 +103867,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 8.1 to 8.10.2 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -67655,13 +103882,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS + - https://sysdig.com/blog/cve-critical-vulnerability-log4j/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Snow Software - product: VM Access Proxy + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tableau + product: Tableau Bridge cves: cve-2021-4104: investigated: false @@ -67670,9 +103897,21 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - v3.1 to v3.6 + affected_versions: + - 'The following versions and lower: 20214.21.1109.1748' + - 20213.21.1112.1434 + - 20212.21.0818.1843 + - 20211.21.0617.1133 + - 20204.21.0217.1203 + - 20203.20.0913.2112 + - 20202.20.0721.1350 + - 20201.20.0614.2321 + - 20194.20.0614.2307 + - 20193.20.0614.2306 + - 20192.19.0917.1648 + - 20191.19.0402.1911 + - 20183.19.0115.1143 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -67685,13 +103924,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Snowflake - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Desktop cves: cve-2021-4104: investigated: false @@ -67699,8 +103938,21 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 2021.4' + - 2021.3.4 + - 2021.2.5 + - 2021.1.8 + - 2020.4.11 + - 2020.3.14 + - 2020.2.19 + - 2020.1.22 + - 2019.4.25 + - 2019.3.26 + - 2019.2.29 + - 2019.1.29 + - 2018.3.29 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67714,13 +103966,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228 + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Snyk - product: Cloud Platform + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Prep Builder cves: cve-2021-4104: investigated: false @@ -67728,8 +103980,21 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 22021.4.1' + - 2021.3.2 + - 2021.2.2 + - 2021.1.4 + - 2020.4.1 + - 2020.3.3 + - 2020.2.3 + - 2020.1.5 + - 2019.4.2 + - 2019.3.2 + - 2019.2.3 + - 2019.1.4 + - 2018.3.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67743,13 +104008,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499 + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Software AG - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Public Desktop Client cves: cve-2021-4104: investigated: false @@ -67757,8 +104022,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 2021.4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67772,13 +104038,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849 + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SolarWinds - product: Database Performance Analyzer (DPA) + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Reader cves: cve-2021-4104: investigated: false @@ -67788,9 +104054,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2021.1.x - - 2021.3.x - - 2022.1.x + - 'The following versions and lower: 2021.4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67804,13 +104068,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 - notes: 'For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SolarWinds - product: Orion Platform + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Server cves: cve-2021-4104: investigated: false @@ -67818,8 +104082,21 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 2021.4' + - 2021.3.4 + - 2021.2.5 + - 2021.1.8 + - 2020.4.11 + - 2020.3.14 + - 2020.2.19 + - 2020.1.22 + - 2019.4.25 + - 2019.3.26 + - 2019.2.29 + - 2019.1.29 + - 2018.3.29 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67833,13 +104110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SolarWinds - product: Server & Application Monitor (SAM) + last_updated: '2021-12-22T00:00:00' + - vendor: Talend + product: '' cves: cve-2021-4104: investigated: false @@ -67847,9 +104124,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - SAM 2020.2.6 and later + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67863,14 +104139,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 - notes: 'For more information, please see the following KB article for the latest - details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' + - https://jira.talendforge.org/browse/TCOMP-2054 + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SonarSource - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tanium + product: All cves: cve-2021-4104: investigated: false @@ -67878,10 +104153,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -67893,13 +104169,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 - notes: '' + - https://tanium.my.salesforce.com/sfc/p/#60000000IYkG/a/7V000000PeT8/8C98AHl7wP5_lpUwp3qmY5sSdwXx6wG6LE4gPYlxO8c + notes: Tanium does not use Log4j. references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Sonatype - product: All Products + last_updated: '2021-12-21T00:00:00' + - vendor: TealiumIQ + product: '' cves: cve-2021-4104: investigated: false @@ -67907,11 +104183,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -67923,17 +104198,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.sonatype.com/docs/important-announcements/sonatype-product-log4j-vulnerability-status - notes: Sonatype uses logback as the default logging solution as opposed to log4j. - This means our software including Nexus Lifecycle, Nexus Firewall, Nexus Repository - OSS and Nexus Repository Pro in versions 2.x and 3.x are NOT affected by the - reported log4j vulnerabilities. We still advise keeping your software upgraded - at the latest version. + - https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824 + notes: '' references: - '' - last_updated: '2021-12-29T00:00:00' - - vendor: SonicWall - product: Access Points + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TeamPasswordManager + product: '' cves: cve-2021-4104: investigated: false @@ -67956,13 +104227,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SonicWall Access Points + - https://teampasswordmanager.com/blog/log4j-vulnerability/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Teamviewer + product: '' cves: cve-2021-4104: investigated: false @@ -67985,13 +104256,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://www.teamviewer.com/en/trust-center/security-bulletins/hotfix-log4j2-issue/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Analyzer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tech Software + product: OneAegis (f/k/a IRBManager) cves: cve-2021-4104: investigated: false @@ -67999,10 +104270,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -68014,13 +104286,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://support.techsoftware.com/hc/en-us/articles/4412825948179 + notes: OneAegis does not use Log4j. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Capture Client & Capture Client Portal + last_updated: '2021-12-15T00:00:00' + - vendor: Tech Software + product: SMART cves: cve-2021-4104: investigated: false @@ -68028,10 +104300,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -68043,13 +104316,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the Capture Client. + - https://support.techsoftware.com/hc/en-us/articles/4412825948179 + notes: SMART does not use Log4j. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Capture Security Appliance + last_updated: '2021-12-15T00:00:00' + - vendor: Tech Software + product: Study Binders cves: cve-2021-4104: investigated: false @@ -68057,10 +104330,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -68072,13 +104346,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the Capture Security appliance. + - https://support.techsoftware.com/hc/en-us/articles/4412825948179 + notes: Study Binders does not use Log4j. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: CAS + last_updated: '2021-12-15T00:00:00' + - vendor: TechSmith + product: '' cves: cve-2021-4104: investigated: false @@ -68101,13 +104375,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://support.techsmith.com/hc/en-us/articles/4416620527885?input_string=log4j + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Email Security + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Telestream + product: '' cves: cve-2021-4104: investigated: false @@ -68130,13 +104404,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: ES 10.0.11 and earlier versions are impacted + - http://www.telestream.net/telestream-support/Apache-Log4j2-Bulletin.htm + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SonicWall - product: Gen5 Firewalls (EOS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tenable + product: Tenable.io / Nessus cves: cve-2021-4104: investigated: false @@ -68159,13 +104433,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - https://www.tenable.com/log4j + notes: None of Tenable’s products are running the version of Log4j vulnerable + to CVE-2021-44228 or CVE-2021-45046 at this time references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Gen6 Firewalls + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Thales + product: CADP/SafeNet Protect App (PA) - JCE cves: cve-2021-4104: investigated: false @@ -68188,13 +104463,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Gen7 Firewalls + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core cves: cve-2021-4104: investigated: false @@ -68217,13 +104492,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: GMS + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Batch Data Transformation (BDT) 2.3 cves: cve-2021-4104: investigated: false @@ -68246,13 +104521,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: MSW + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Cloud Key Manager (CCKM) Appliance cves: cve-2021-4104: investigated: false @@ -68275,13 +104550,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Mysonicwall service doesn't use Log4j + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: NSM + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Cloud Key Manager (CCKM) Embedded cves: cve-2021-4104: investigated: false @@ -68304,13 +104579,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: NSM On-Prem and SaaS doesn't use a vulnerable version + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SMA 100 + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Database Protection cves: cve-2021-4104: investigated: false @@ -68333,13 +104608,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SMA100 appliance. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SMA 1000 + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Manager cves: cve-2021-4104: investigated: false @@ -68362,13 +104637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Version 12.1.0 and 12.4.1 doesn't use a vulnerable version + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SonicCore + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) cves: cve-2021-4104: investigated: false @@ -68391,13 +104666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: SonicCore doesn't use a Log4j2 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SonicWall Switch + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager cves: cve-2021-4104: investigated: false @@ -68420,13 +104695,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SonicWall Switch. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WAF + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Vaultless Tokenization (CTS, CT-VL) cves: cve-2021-4104: investigated: false @@ -68449,13 +104724,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WNM + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust/SafeNet PDBCTL cves: cve-2021-4104: investigated: false @@ -68478,13 +104753,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the WNM. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WXA + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Crypto Command Center (CCC) cves: cve-2021-4104: investigated: false @@ -68507,13 +104782,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: WXA doesn't use a vulnerable version + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Cloud Optix + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Data Protection on Demand cves: cve-2021-4104: investigated: false @@ -68536,15 +104811,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Users may have noticed a brief outage around 12:30 GMT as updates were - deployed. There was no evidence that the vulnerability was exploited and to - our knowledge no customers are impacted. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Reflexion + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Data Security Manager (DSM) cves: cve-2021-4104: investigated: false @@ -68567,13 +104840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Reflexion does not run an exploitable configuration. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: SG UTM (all versions) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: KeySecure cves: cve-2021-4104: investigated: false @@ -68596,13 +104869,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos SG UTM does not use Log4j. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: SG UTM Manager (SUM) (all versions) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Luna EFT cves: cve-2021-4104: investigated: false @@ -68610,11 +104883,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68626,13 +104898,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: SUM does not use Log4j. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Central + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Luna Network, PCIe, Luna USB HSM and backup devices cves: cve-2021-4104: investigated: false @@ -68655,13 +104927,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Central does not run an exploitable configuration. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Firewall (all versions) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Luna SP cves: cve-2021-4104: investigated: false @@ -68684,13 +104956,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Firewall does not use Log4j. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Home + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: payShield Monitor cves: cve-2021-4104: investigated: false @@ -68713,13 +104985,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Home does not use Log4j. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Mobile + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: ProtectServer HSMs cves: cve-2021-4104: investigated: false @@ -68742,14 +105014,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable - configuration. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Mobile EAS Proxy + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Authentication Client cves: cve-2021-4104: investigated: false @@ -68757,9 +105028,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 9.7.2 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68773,17 +105043,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers - will need to download and install version 9.7.2, available from Monday December - 13, 2021, on the same machine where it is currently running. PowerShell mode - is not affected. Customers can download the Standalone EAS Proxy Installer version - 9.7.2 from the Sophos website. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos ZTNA + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet eToken (all products) cves: cve-2021-4104: investigated: false @@ -68806,13 +105072,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos ZTNA does not use Log4j. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SOS Berlin - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet IDPrime Virtual cves: cve-2021-4104: investigated: false @@ -68835,13 +105101,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Spacelabs Healthcare - product: ABP + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet IDPrime(all products) cves: cve-2021-4104: investigated: false @@ -68849,45 +105115,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - OnTrak - - 90217A - - and 90207 - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' - references: - - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: CardioExpress - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - SL6A - - SL12A - - and SL18A cve-2021-45046: investigated: false affected_versions: [] @@ -68899,13 +105130,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: DM3 and DM4 Monitors + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet LUKS cves: cve-2021-4104: investigated: false @@ -68928,13 +105159,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Eclipse Pro + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet PKCS#11 and TDE cves: cve-2021-4104: investigated: false @@ -68957,13 +105188,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: EVO + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core cves: cve-2021-4104: investigated: false @@ -68986,13 +105217,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet ProtectDB (PDB) cves: cve-2021-4104: investigated: false @@ -69015,13 +105246,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) Clinical Access Workstations + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Safenet ProtectFile and ProtectFile- Fuse cves: cve-2021-4104: investigated: false @@ -69044,13 +105275,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Lifescreen Pro + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet ProtectV cves: cve-2021-4104: investigated: false @@ -69073,13 +105304,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Pathfinder SL + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet SQL EKM cves: cve-2021-4104: investigated: false @@ -69102,13 +105333,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Qube + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Transform Utility (TU) cves: cve-2021-4104: investigated: false @@ -69116,11 +105347,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91390' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69132,13 +105362,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Qube Mini + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Trusted Access (STA) cves: cve-2021-4104: investigated: false @@ -69146,11 +105376,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91389' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69162,13 +105391,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: SafeNSound + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Vaultless Tokenization cves: cve-2021-4104: investigated: false @@ -69176,10 +105405,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 4.3.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -69192,13 +105420,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: Version >4.3.1 - Not Affected + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Sentinel + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SAS on Prem (SPE/PCE) cves: cve-2021-4104: investigated: false @@ -69221,13 +105449,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Spacelabs Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Connect cves: cve-2021-4104: investigated: false @@ -69250,13 +105478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Ultraview SL + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel EMS Enterprise aaS cves: cve-2021-4104: investigated: false @@ -69264,14 +105492,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91367' - - '91369' - - '91370' - - and 91387 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69283,13 +105507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Xhibit Telemetry Receiver (XTR) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel EMS Enterprise OnPremise cves: cve-2021-4104: investigated: false @@ -69297,11 +105521,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '96280' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69313,13 +105536,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Xhibit, XC4 + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Envelope cves: cve-2021-4104: investigated: false @@ -69327,12 +105550,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Xhibit 96102 - - XC4 96501 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69344,13 +105565,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: XprezzNet + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel ESDaaS cves: cve-2021-4104: investigated: false @@ -69358,11 +105579,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '96190' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69374,13 +105594,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Xprezzon + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel HASP, Legacy dog, Maze, Hardlock cves: cve-2021-4104: investigated: false @@ -69388,11 +105608,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91393' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69404,13 +105623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spambrella - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel LDK EMS (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -69433,13 +105652,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Spigot - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel LDKaas (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -69462,13 +105681,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Splunk - product: Data Stream Processor + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Professional Services components (both Thales hosted & hosted + on-premises by customers) cves: cve-2021-4104: investigated: false @@ -69476,11 +105696,66 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - DSP 1.0.x - - DSP 1.1.x - - DSP 1.2.x + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel RMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel SCL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69494,13 +105769,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Superdog, SuperPro, UltraPro, SHK cves: cve-2021-4104: investigated: false @@ -69508,11 +105783,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '4.11' - - 4.10.x (Cloud only) - - 4.9.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69526,13 +105798,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Up cves: cve-2021-4104: investigated: false @@ -69540,15 +105812,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.11.0 - - 4.10.x (Cloud only) - - 4.9.x - - 4.8.x (Cloud only) - - 4.7.x - - 4.6.x - - 4.5.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69562,13 +105827,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Thales Data Platform (TDP)(DDC) cves: cve-2021-4104: investigated: false @@ -69576,9 +105841,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 5.2.0 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69592,13 +105856,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Thales payShield 10k cves: cve-2021-4104: investigated: false @@ -69606,9 +105870,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 3.0.0 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69622,13 +105885,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Application Performance Monitoring + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Thales payShield 9000 cves: cve-2021-4104: investigated: false @@ -69636,9 +105899,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69652,13 +105914,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Connect for Kafka + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Thales payShield Manager cves: cve-2021-4104: investigated: false @@ -69666,9 +105928,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions prior to 2.0.4 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69682,13 +105943,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Enterprise (including instance types like Heavy Forwarders) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Vormetirc Key Manager (VKM) cves: cve-2021-4104: investigated: false @@ -69696,11 +105957,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All supported non-Windows versions of 8.1.x and 8.2.x only if DFS is used. - See Removing Log4j from Splunk Enterprise below for guidance on unsupported - versions. + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69714,13 +105972,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Enterprise Amazon Machine Image (AMI) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Vormetric Application Encryption (VAE) cves: cve-2021-4104: investigated: false @@ -69728,9 +105986,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - See Splunk Enterprise + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69744,13 +106001,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Enterprise Docker Container + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Vormetric Protection for Terradata Database (VPTD) cves: cve-2021-4104: investigated: false @@ -69758,9 +106015,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - See Splunk Enterprise + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69774,13 +106030,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Infrastructure Monitoring + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Vormetric Tokenization Server (VTS) cves: cve-2021-4104: investigated: false @@ -69788,9 +106044,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69804,13 +106059,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Log Observer + last_updated: '2021-12-17T00:00:00' + - vendor: Thermo Fisher Scientific + product: '' cves: cve-2021-4104: investigated: false @@ -69818,9 +106073,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69834,13 +106088,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Logging Library for Java + last_updated: '2021-12-22T00:00:00' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -69849,10 +106103,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.11.0 and older + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2022a cve-2021-45046: investigated: false affected_versions: [] @@ -69864,13 +106118,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal, Install the 2022a patch when available references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk On-call / VictorOps + last_updated: '2021-12-22T00:00:00' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -69879,10 +106133,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Current + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2021b cve-2021-45046: investigated: false affected_versions: [] @@ -69894,13 +106148,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) + last_updated: '2021-12-22T00:00:00' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -69909,10 +106163,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.0.3 and older + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2018b to 2021a cve-2021-45046: investigated: false affected_versions: [] @@ -69924,13 +106178,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal, delete the Log4j 2 files in the program installation + if required, see advisory for instructions. references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) + last_updated: '2021-12-22T00:00:00' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -69939,10 +106194,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.2.1 and older + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2018a and earlier cve-2021-45046: investigated: false affected_versions: [] @@ -69954,13 +106209,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Real User Monitoring + last_updated: '2021-12-22T00:00:00' + - vendor: Thomson Reuters + product: HighQ Appliance cves: cve-2021-4104: investigated: false @@ -69970,7 +106225,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - <3.5 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69984,13 +106239,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html - notes: '' + - https://highqsolutions.zendesk.com + notes: Reported by vendor - Documentation is in vendor's client portal (login + required). This advisory is available to customer only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) + last_updated: '2021-12-20T00:00:00' + - vendor: ThreatLocker + product: '' cves: cve-2021-4104: investigated: false @@ -69998,9 +106255,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 3.0.0 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70014,13 +106270,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://threatlocker.kb.help/log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Synthetics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ThycoticCentrify + product: Account Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -70029,10 +106285,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Current + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -70044,13 +106300,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk UBA OVA Software + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Cloud Suite cves: cve-2021-4104: investigated: false @@ -70059,11 +106315,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 5.0.3a - - 5.0.0 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -70075,13 +106330,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Connection Manager cves: cve-2021-4104: investigated: false @@ -70090,10 +106345,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.1.1 and older + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -70105,13 +106360,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Sprecher Automation - product: '' + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: DevOps Secrets Vault cves: cve-2021-4104: investigated: false @@ -70119,10 +106374,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -70134,13 +106390,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sprecher-automation.com/en/it-security/security-alerts + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Spring Boot - product: '' + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Password Reset Server cves: cve-2021-4104: investigated: false @@ -70148,10 +106404,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -70163,13 +106420,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Spring - product: Spring Boot + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Privilege Manager cves: cve-2021-4104: investigated: false @@ -70177,10 +106434,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -70192,14 +106450,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot - notes: Spring Boot users are only affected by this vulnerability if they have - switched the default logging system to Log4J2 + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: StarDog - product: '' + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Privileged Behavior Analytics cves: cve-2021-4104: investigated: false @@ -70207,10 +106464,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -70222,13 +106480,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.stardog.com/t/stardog-7-8-1-available/3411 + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: STERIS - product: Advantage + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Secret Server cves: cve-2021-4104: investigated: false @@ -70236,10 +106494,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -70251,13 +106510,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Advantage Plus + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Server Suite cves: cve-2021-4104: investigated: false @@ -70265,10 +106524,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -70280,13 +106540,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 2000 SERIES WASHER DISINFECTORS + last_updated: '2021-12-10T00:00:00' + - vendor: Tibco + product: '' cves: cve-2021-4104: investigated: false @@ -70309,13 +106569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 3000 SERIES WASHER DISINFECTORS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Top Gun Technology (TGT) + product: '' cves: cve-2021-4104: investigated: false @@ -70338,13 +106598,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.topgun-tech.com/technical-bulletin-apache-software-log4j-security-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 400 MEDIUM STEAM STERILIZER + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TopDesk + product: '' cves: cve-2021-4104: investigated: false @@ -70367,13 +106627,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=74952771dfab4b0794292e63b0409314 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 400 SMALL STEAM STERILIZERS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Topicus Security + product: Topicus KeyHub cves: cve-2021-4104: investigated: false @@ -70381,10 +106641,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -70396,13 +106657,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://blog.topicus-keyhub.com/topicus-keyhub-is-not-vulnerable-to-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 5000 SERIES WASHER DISINFECTORS + last_updated: '2021-12-20T00:00:00' + - vendor: Topix + product: '' cves: cve-2021-4104: investigated: false @@ -70425,13 +106686,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.topix.de/de/technik/systemfreigaben.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 600 MEDIUM STEAM STERILIZER + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tosibox + product: '' cves: cve-2021-4104: investigated: false @@ -70454,13 +106715,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://helpdesk.tosibox.com/support/solutions/articles/2100050946-security-advisory-on-vulnerability-in-apache-log4j-library-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 7000 SERIES WASHER DISINFECTORS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TPLink + product: Omega Controller cves: cve-2021-4104: investigated: false @@ -70468,8 +106729,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Linux/Windows(all) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70483,13 +106745,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://www.tp-link.com/us/support/faq/3255 + notes: 'Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as + potential workaround. Though that should now be done with 2.16' references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO CENTURY MEDIUM STEAM STERILIZER + - '[Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit + Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j)' + last_updated: '2021-12-15T00:00:00' + - vendor: TrendMicro + product: All cves: cve-2021-4104: investigated: false @@ -70512,13 +106776,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://success.trendmicro.com/solution/000289940 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO CENTURY SMALL STEAM STERILIZER + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tricentis Tosca + product: '' cves: cve-2021-4104: investigated: false @@ -70541,42 +106805,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://support-hub.tricentis.com/open?number=NEW0001148&id=post notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tridium + product: '' cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf + notes: Document access requires authentication. CISA is not able to validate vulnerability + status. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER + last_updated: '2022-01-19T00:00:00' + - vendor: Trimble + product: eCognition cves: cve-2021-4104: investigated: false @@ -70584,8 +106849,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 10.2.0 Build 4618 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70598,14 +106864,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + vendor_links: [] + notes: Remediation steps provided by Trimble references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER + last_updated: '2021-12-23T00:00:00' + - vendor: Tripp Lite + product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, + SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) cves: cve-2021-4104: investigated: false @@ -70628,13 +106894,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Canexis 1.0 + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlert Local (PAL) cves: cve-2021-4104: investigated: false @@ -70657,13 +106923,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + vulnerability. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CELERITY HP INCUBATOR + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlert Network Management System (PANMS) cves: cve-2021-4104: investigated: false @@ -70686,13 +106953,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + vulnerability. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CELERITY STEAM INCUBATOR + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlert Network Shutdown Agent (PANSA) cves: cve-2021-4104: investigated: false @@ -70715,13 +106983,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + vulnerability. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CER Optima + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlertElement Manager (PAEM) cves: cve-2021-4104: investigated: false @@ -70729,8 +106998,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70744,13 +107014,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which + will contain a patched version of Log4j2 references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Clarity Software + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or + embedded SNMPWEBCARD cves: cve-2021-4104: investigated: false @@ -70773,13 +107045,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Connect Software + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: TLNETCARD and associated software cves: cve-2021-4104: investigated: false @@ -70802,13 +107074,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ConnectAssure Technology + last_updated: '2022-01-04T00:00:00' + - vendor: Tripwire + product: '' cves: cve-2021-4104: investigated: false @@ -70831,13 +107103,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.tripwire.com/log4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ConnectoHIS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TrueNAS + product: '' cves: cve-2021-4104: investigated: false @@ -70860,13 +107132,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.truenas.com/community/threads/log4j-vulnerability.97359/post-672559 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CS-iQ Sterile Processing Workflow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tufin + product: '' cves: cve-2021-4104: investigated: false @@ -70889,13 +107161,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://portal.tufin.com/articles/SecurityAdvisories/Apache-Log4Shell-Vulnerability-12-12-2021 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: DSD Edge + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TYPO3 + product: '' cves: cve-2021-4104: investigated: false @@ -70918,13 +107190,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://typo3.org/article/typo3-psa-2021-004 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: DSD-201, + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ubiquiti + product: UniFi Network Application cves: cve-2021-4104: investigated: false @@ -70932,10 +107204,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - 6.5.53 & lower versions + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ubiquiti + product: UniFi Network Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 6.5.54 & lower versions + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70947,13 +107250,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e notes: '' references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: EndoDry + - 6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation + for mitigatin log4j vulnerabilities by updating to log4j 2.16.0 + last_updated: '2021-12-15T00:00:00' + - vendor: Ubuntu + product: '' cves: cve-2021-4104: investigated: false @@ -70976,13 +107280,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://ubuntu.com/security/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Endora + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: UiPath + product: InSights cves: cve-2021-4104: investigated: false @@ -70990,8 +107294,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '20.10' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71005,13 +107310,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Harmony iQ Integration Systems + last_updated: '2021-12-15T00:00:00' + - vendor: Umbraco + product: '' cves: cve-2021-4104: investigated: false @@ -71034,13 +107339,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Harmony iQ Perspectives Image Management System + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: UniFlow + product: '' cves: cve-2021-4104: investigated: false @@ -71063,13 +107368,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.uniflow.global/en/security/security-and-maintenance/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: HexaVue + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Unify ATOS + product: '' cves: cve-2021-4104: investigated: false @@ -71092,13 +107397,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: HexaVue Integration System + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Unimus + product: '' cves: cve-2021-4104: investigated: false @@ -71121,13 +107426,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: IDSS Integration System + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: USSIGNAL MSP + product: '' cves: cve-2021-4104: investigated: false @@ -71150,13 +107455,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://ussignal.com/blog/apache-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RapidAER + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Varian + product: Acuity cves: cve-2021-4104: investigated: false @@ -71165,7 +107470,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71179,13 +107485,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ReadyTracker + - vendor: Varian + product: ARIA Connect (Cloverleaf) cves: cve-2021-4104: investigated: false @@ -71193,10 +107499,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71208,13 +107515,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RealView Visual Workflow Management System + - vendor: Varian + product: ARIA eDOC cves: cve-2021-4104: investigated: false @@ -71222,10 +107529,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71237,13 +107545,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE 444 WASHER DISINFECTOR + - vendor: Varian + product: ARIA oncology information system for Medical Oncology cves: cve-2021-4104: investigated: false @@ -71251,10 +107559,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ARIA oncology information system for Radiation Oncology + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71266,13 +107605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE SYNERGY WASHER DISINFECTOR + - vendor: Varian + product: ARIA Radiation Therapy Management System (RTM) cves: cve-2021-4104: investigated: false @@ -71280,10 +107619,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71295,13 +107635,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS + - vendor: Varian + product: Bravos Console cves: cve-2021-4104: investigated: false @@ -71309,10 +107649,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71324,13 +107665,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR + - vendor: Varian + product: Clinac cves: cve-2021-4104: investigated: false @@ -71339,7 +107680,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71353,13 +107695,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR + - vendor: Varian + product: Cloud Planner cves: cve-2021-4104: investigated: false @@ -71367,10 +107709,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71382,13 +107725,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Renatron + - vendor: Varian + product: DITC cves: cve-2021-4104: investigated: false @@ -71397,7 +107740,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71411,13 +107755,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ScopeBuddy+ + - vendor: Varian + product: DoseLab cves: cve-2021-4104: investigated: false @@ -71425,10 +107769,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71440,13 +107785,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: SecureCare ProConnect Technical Support Services + - vendor: Varian + product: Eclipse treatment planning software cves: cve-2021-4104: investigated: false @@ -71454,10 +107799,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71469,13 +107815,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Situational Awareness for Everyone Display (S.A.F.E.) + - vendor: Varian + product: ePeerReview cves: cve-2021-4104: investigated: false @@ -71484,7 +107830,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71498,13 +107845,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: SPM Surgical Asset Tracking Software + - vendor: Varian + product: Ethos cves: cve-2021-4104: investigated: false @@ -71512,10 +107859,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71527,13 +107875,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM + - vendor: Varian + product: FullScale oncology IT solutions cves: cve-2021-4104: investigated: false @@ -71542,7 +107890,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71556,13 +107905,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM + - vendor: Varian + product: Halcyon system cves: cve-2021-4104: investigated: false @@ -71571,7 +107920,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71585,13 +107935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM + - vendor: Varian + product: ICAP cves: cve-2021-4104: investigated: false @@ -71599,10 +107949,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71614,13 +107965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM + - vendor: Varian + product: Identify cves: cve-2021-4104: investigated: false @@ -71628,10 +107979,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71643,13 +107995,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM + - vendor: Varian + product: Information Exchange Manager (IEM) cves: cve-2021-4104: investigated: false @@ -71657,10 +108009,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71672,13 +108025,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM + - vendor: Varian + product: InSightive Analytics cves: cve-2021-4104: investigated: false @@ -71687,7 +108040,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71701,13 +108055,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS + - vendor: Varian + product: Large Integrated Oncology Network (LION) cves: cve-2021-4104: investigated: false @@ -71715,10 +108069,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71730,13 +108085,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Sterling Order IBM - product: '' + - vendor: Varian + product: Mobius3D platform cves: cve-2021-4104: investigated: false @@ -71744,10 +108099,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71759,13 +108115,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/support/pages/node/6525544 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Storagement - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: PaaS cves: cve-2021-4104: investigated: false @@ -71773,10 +108129,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71788,13 +108145,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.storagement.de/index.php?action=topicofthemonth&site=log4j + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: StormShield - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ProBeam cves: cve-2021-4104: investigated: false @@ -71802,10 +108159,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71817,13 +108175,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.stormshield.com/news/log4shell-security-alert-stormshield-product-response/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: StrangeBee TheHive & Cortex - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Qumulate cves: cve-2021-4104: investigated: false @@ -71831,10 +108189,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71846,13 +108205,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.strangebee.com/apache-log4j-cve-2021-44228/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Stratodesk - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Real-time Position Management (RPM) cves: cve-2021-4104: investigated: false @@ -71860,10 +108219,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71875,13 +108235,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://cdn.stratodesk.com/repository/notouch-center/10/4.5.231/0/ReleaseNotes-Stratodesk-NoTouch_Center-4.5.231.html + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Strimzi - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Respiratory Gating for Scanners (RGSC) cves: cve-2021-4104: investigated: false @@ -71889,10 +108249,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71904,13 +108265,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://strimzi.io/blog/2021/12/14/strimzi-and-log4shell/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Stripe - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: SmartConnect solution cves: cve-2021-4104: investigated: false @@ -71918,8 +108279,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71933,13 +108295,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.stripe.com/questions/update-for-apache-log4j-vulnerability-(cve-2021-44228) - notes: '' + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: 'See Knowledge Article: 000038850 on MyVarian' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Styra - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: SmartConnect solution Policy Server cves: cve-2021-4104: investigated: false @@ -71947,8 +108309,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71962,13 +108325,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.styra.com/blog/newest-log4j-security-vulnerability-cve-2021-44228-log4shell - notes: '' + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: 'See Knowledge Articles: 000038831 and 000038832 on MyVarian' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Sumologic - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: TrueBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -71976,10 +108339,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71991,13 +108355,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vSdeODZ2E5k0aZgHm06OJWhDQWgtxxB0ZIrTsuQjg5xaoxlogmTVGdOWoSFtDlZBdHzY6ET6k6Sk-g1/pub + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: SumoLogic - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: UNIQUE system cves: cve-2021-4104: investigated: false @@ -72006,7 +108370,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72020,13 +108385,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Superna EYEGLASS - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Varian Authentication and Identity Server (VAIS) cves: cve-2021-4104: investigated: false @@ -72034,10 +108399,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -72049,13 +108415,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://manuals.supernaeyeglass.com/project-technical-advisories-all-products/HTML/technical-advisories.html#h2__1912345025 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Suprema Inc - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Varian Managed Services Cloud cves: cve-2021-4104: investigated: false @@ -72064,7 +108430,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72078,13 +108445,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.supremainc.com/en/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: SUSE - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Varian Mobile App cves: cve-2021-4104: investigated: false @@ -72092,10 +108459,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '2.0' + - '2.5' cve-2021-45046: investigated: false affected_versions: [] @@ -72107,13 +108476,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Sweepwidget - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: VariSeed cves: cve-2021-4104: investigated: false @@ -72121,10 +108490,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -72136,13 +108506,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sweepwidget.com/view/23032-v9f40ns1/4zow83-23032 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Swyx - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Velocity cves: cve-2021-4104: investigated: false @@ -72150,10 +108520,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -72165,13 +108536,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://service.swyx.net/hc/de/articles/4412323539474 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Synchro MSP - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: VitalBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -72179,10 +108550,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -72194,13 +108566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.syncromsp.com/t/log4j-rce-cve-2021-4428/1350 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Syncplify - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Vitesse cves: cve-2021-4104: investigated: false @@ -72208,10 +108580,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -72223,13 +108596,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.syncplify.com/no-we-are-not-affected-by-log4j-vulnerability/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Synology - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: XMediusFax for ARIA oncology information system for Medical Oncology cves: cve-2021-4104: investigated: false @@ -72238,7 +108611,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72252,13 +108626,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.synology.com/en-global/security/advisory/Synology_SA_21_30 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Synopsys - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: XMediusFax for ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -72267,7 +108641,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72281,12 +108656,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Syntevo + last_updated: '2021-12-22T00:00:00' + - vendor: VArmour product: '' cves: cve-2021-4104: @@ -72310,12 +108685,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.syntevo.com/blog/?p=5240 + - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: SysAid + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Varnish Software product: '' cves: cve-2021-4104: @@ -72339,12 +108714,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sysaid.com/lp/important-update-regarding-apache-log4j + - https://docs.varnish-software.com/security/CVE-2021-44228-45046/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Sysdig + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Varonis product: '' cves: cve-2021-4104: @@ -72368,13 +108743,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sysdig.com/blog/cve-critical-vulnerability-log4j/ + - https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Tableau - product: Tableau Bridge + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Veeam + product: '' cves: cve-2021-4104: investigated: false @@ -72382,21 +108757,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'The following versions and lower: 20214.21.1109.1748' - - 20213.21.1112.1434 - - 20212.21.0818.1843 - - 20211.21.0617.1133 - - 20204.21.0217.1203 - - 20203.20.0913.2112 - - 20202.20.0721.1350 - - 20201.20.0614.2321 - - 20194.20.0614.2307 - - 20193.20.0614.2306 - - 20192.19.0917.1648 - - 20191.19.0402.1911 - - 20183.19.0115.1143 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72410,13 +108772,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://www.veeam.com/kb4254 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Desktop + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Venafi + product: '' cves: cve-2021-4104: investigated: false @@ -72424,21 +108786,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'The following versions and lower: 2021.4' - - 2021.3.4 - - 2021.2.5 - - 2021.1.8 - - 2020.4.11 - - 2020.3.14 - - 2020.2.19 - - 2020.1.22 - - 2019.4.25 - - 2019.3.26 - - 2019.2.29 - - 2019.1.29 - - 2018.3.29 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72452,13 +108801,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Prep Builder + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Veritas NetBackup + product: '' cves: cve-2021-4104: investigated: false @@ -72466,21 +108815,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'The following versions and lower: 22021.4.1' - - 2021.3.2 - - 2021.2.2 - - 2021.1.4 - - 2020.4.1 - - 2020.3.3 - - 2020.2.3 - - 2020.1.5 - - 2019.4.2 - - 2019.3.2 - - 2019.2.3 - - 2019.1.4 - - 2018.3.3 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72494,13 +108830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://www.veritas.com/content/support/en_US/article.100052070 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Public Desktop Client + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Vertica + product: '' cves: cve-2021-4104: investigated: false @@ -72508,9 +108844,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'The following versions and lower: 2021.4' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72524,43 +108859,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Reader + references: + - '' + last_updated: '2022-01-12T07:18:56+00:00' + - vendor: Video Insight Inc. + product: Video Insight cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 'The following versions and lower: 2021.4' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell - notes: '' + - https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability + notes: Video Insight is a part of Panasonic I-Pro. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Server + last_updated: '2022-01-19T00:00:00' + - vendor: Viso Trust + product: '' cves: cve-2021-4104: investigated: false @@ -72568,21 +108903,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'The following versions and lower: 2021.4' - - 2021.3.4 - - 2021.2.5 - - 2021.1.8 - - 2020.4.11 - - 2020.3.14 - - 2020.2.19 - - 2020.1.22 - - 2019.4.25 - - 2019.3.26 - - 2019.2.29 - - 2019.1.29 - - 2018.3.29 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72596,13 +108918,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Talend - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: VMware + product: API Portal for VMware Tanzu cves: cve-2021-4104: investigated: false @@ -72610,8 +108932,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72625,13 +108948,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://jira.talendforge.org/browse/TCOMP-2054 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Tanium - product: All + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: App Metrics cves: cve-2021-4104: investigated: false @@ -72640,10 +108963,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.x fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -72655,13 +108978,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tanium.my.salesforce.com/sfc/p/#60000000IYkG/a/7V000000PeT8/8C98AHl7wP5_lpUwp3qmY5sSdwXx6wG6LE4gPYlxO8c - notes: Tanium does not use Log4j. + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: TealiumIQ - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Healthwatch for Tanzu Application Service cves: cve-2021-4104: investigated: false @@ -72669,8 +108992,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.x + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72684,13 +109009,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: TeamPasswordManager - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Single Sign-On for VMware Tanzu Application Service cves: cve-2021-4104: investigated: false @@ -72698,8 +109023,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72713,13 +109039,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://teampasswordmanager.com/blog/log4j-vulnerability/ + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Teamviewer - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Spring Cloud Gateway for Kubernetes cves: cve-2021-4104: investigated: false @@ -72727,8 +109053,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72742,13 +109069,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.teamviewer.com/en/trust-center/security-bulletins/hotfix-log4j2-issue/ + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Tech Software - product: OneAegis (f/k/a IRBManager) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Spring Cloud Gateway for VMware Tanzu cves: cve-2021-4104: investigated: false @@ -72757,10 +109084,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 1.x fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -72772,13 +109099,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsoftware.com/hc/en-us/articles/4412825948179 - notes: OneAegis does not use Log4j. + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Tech Software - product: SMART + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Spring Cloud Services for VMware Tanzu cves: cve-2021-4104: investigated: false @@ -72787,10 +109114,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 3.x fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -72802,13 +109129,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsoftware.com/hc/en-us/articles/4412825948179 - notes: SMART does not use Log4j. + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Tech Software - product: Study Binders + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: vCenter Server - OVA cves: cve-2021-4104: investigated: false @@ -72817,10 +109144,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 7.x + - 6.7.x + - 6.5.x fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -72832,13 +109161,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsoftware.com/hc/en-us/articles/4412825948179 - notes: Study Binders does not use Log4j. + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 + )' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: TechSmith - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: VMware + product: vCenter Server - Windows cves: cve-2021-4104: investigated: false @@ -72846,8 +109176,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.7.x + - 6.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72861,13 +109193,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsmith.com/hc/en-us/articles/4416620527885?input_string=log4j - notes: '' + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 + )' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Telestream - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: VMware + product: VMware Carbon Black Cloud Workload Appliance cves: cve-2021-4104: investigated: false @@ -72875,8 +109208,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72890,13 +109224,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://www.telestream.net/telestream-support/Apache-Log4j2-Bulletin.htm + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Tenable - product: Tenable.io / Nessus + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Carbon Black EDR Server cves: cve-2021-4104: investigated: false @@ -72904,8 +109238,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 7.x + - 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72919,14 +109255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tenable.com/log4j - notes: None of Tenable’s products are running the version of Log4j vulnerable - to CVE-2021-44228 or CVE-2021-45046 at this time + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Thales - product: CADP/SafeNet Protect App (PA) - JCE + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Cloud Foundation cves: cve-2021-4104: investigated: false @@ -72934,8 +109269,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.x + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72949,13 +109286,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware HCX cves: cve-2021-4104: investigated: false @@ -72963,8 +109300,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.x + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72978,13 +109317,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Batch Data Transformation (BDT) 2.3 + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Horizon cves: cve-2021-4104: investigated: false @@ -72992,8 +109331,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73007,13 +109348,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - - '' + - '[VMware KB 87073 (vmware.com)](https://kb.vmware.com/s/article/87073)' last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Appliance + - vendor: VMware + product: VMware Horizon Cloud Connector cves: cve-2021-4104: investigated: false @@ -73021,8 +109362,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x + - 2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73036,13 +109379,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Embedded + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Horizon DaaS cves: cve-2021-4104: investigated: false @@ -73050,8 +109393,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 9.1.x + - 9.0.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73065,13 +109410,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Database Protection + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Identity Manager cves: cve-2021-4104: investigated: false @@ -73079,8 +109424,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73094,13 +109440,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Manager + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware NSX-T Data Centern cves: cve-2021-4104: investigated: false @@ -73108,8 +109454,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.x + - 2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73123,13 +109471,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Site Recovery Manager cves: cve-2021-4104: investigated: false @@ -73137,8 +109485,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73152,13 +109501,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Application Service for VMs cves: cve-2021-4104: investigated: false @@ -73166,8 +109515,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73181,13 +109531,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Vaultless Tokenization (CTS, CT-VL) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu GemFire cves: cve-2021-4104: investigated: false @@ -73195,8 +109545,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 9.x + - 8.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73210,13 +109562,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust/SafeNet PDBCTL + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Greenplum cves: cve-2021-4104: investigated: false @@ -73224,8 +109576,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73239,13 +109592,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Crypto Command Center (CCC) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Kubernetes Grid Integrated Edition cves: cve-2021-4104: investigated: false @@ -73253,8 +109606,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73268,13 +109622,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Data Protection on Demand + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Observability by Wavefront Nozzle cves: cve-2021-4104: investigated: false @@ -73282,8 +109636,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.x + - 2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73297,13 +109653,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Data Security Manager (DSM) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Operations Manager cves: cve-2021-4104: investigated: false @@ -73311,8 +109667,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73326,13 +109683,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: KeySecure + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu SQL with MySQL for VMs cves: cve-2021-4104: investigated: false @@ -73340,8 +109697,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.x + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73355,13 +109714,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Luna EFT + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Telco Cloud Automation cves: cve-2021-4104: investigated: false @@ -73369,8 +109728,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.x + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73384,13 +109745,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Luna Network, PCIe, Luna USB HSM and backup devices + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Unified Access Gateway cves: cve-2021-4104: investigated: false @@ -73398,8 +109759,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 21.x + - 20.x + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73413,13 +109777,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Luna SP + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vCenter Cloud Gateway cves: cve-2021-4104: investigated: false @@ -73427,8 +109791,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73442,13 +109807,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: payShield Monitor + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Automation cves: cve-2021-4104: investigated: false @@ -73456,8 +109821,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73471,13 +109838,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: ProtectServer HSMs + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -73485,8 +109852,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73500,13 +109868,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Authentication Client + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Log Insight cves: cve-2021-4104: investigated: false @@ -73514,8 +109882,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73529,13 +109898,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet eToken (all products) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Operations cves: cve-2021-4104: investigated: false @@ -73543,8 +109912,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73558,13 +109928,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet IDPrime Virtual + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Operations Cloud Proxy cves: cve-2021-4104: investigated: false @@ -73572,8 +109942,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Any fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73587,13 +109958,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet IDPrime(all products) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Orchestrator cves: cve-2021-4104: investigated: false @@ -73601,8 +109972,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73616,13 +109989,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet LUKS + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Workspace ONE Access cves: cve-2021-4104: investigated: false @@ -73630,8 +110003,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 21.x + - 20.10.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73645,13 +110020,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet PKCS#11 and TDE + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Workspace ONE Access Connector (VMware Identity Manager Connector) cves: cve-2021-4104: investigated: false @@ -73659,8 +110034,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 21.x + - 20.10.x + - 19.03.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73674,42 +110052,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core + last_updated: '2021-12-12T00:00:00' + - vendor: VTScada + product: All cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://www.vtscada.com/vtscada-unaffected-by-log4j/ + notes: Java is not utilized within VTScada software, and thus our users are unaffected. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet ProtectDB (PDB) + last_updated: '2022-01-17T00:00:00' + - vendor: Vyaire + product: '' cves: cve-2021-4104: investigated: false @@ -73732,13 +110111,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Safenet ProtectFile and ProtectFile- Fuse + last_updated: '2021-12-22T00:00:00' + - vendor: WAGO + product: WAGO Smart Script cves: cve-2021-4104: investigated: false @@ -73746,9 +110125,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.2.x < 4.8.1.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -73761,13 +110141,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.wago.com/de/automatisierungstechnik/psirt#log4j notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet ProtectV + - vendor: Wallarm + product: All cves: cve-2021-4104: investigated: false @@ -73790,13 +110170,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://lab.wallarm.com/cve-2021-44228-mitigation-update/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet SQL EKM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wallix + product: Access Manager cves: cve-2021-4104: investigated: false @@ -73804,9 +110184,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -73819,13 +110200,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://www.wallix.com/fr/support/alerts/ + notes: Customer Portal for patch found in advisory. This patch is available to + customer only and has not been reviewed by CISA. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Transform Utility (TU) + - vendor: Wasp Barcode technologies + product: All cves: cve-2021-4104: investigated: false @@ -73848,13 +110229,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Trusted Access (STA) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Watcher + product: All cves: cve-2021-4104: investigated: false @@ -73862,10 +110243,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -73877,13 +110259,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://twitter.com/felix_hrn/status/1470387338001977344 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Vaultless Tokenization + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: AuthPoint cves: cve-2021-4104: investigated: false @@ -73891,9 +110273,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -73906,13 +110289,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SAS on Prem (SPE/PCE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Dimension cves: cve-2021-4104: investigated: false @@ -73920,10 +110303,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -73935,13 +110319,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Connect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: EDPR and Panda AD360 cves: cve-2021-4104: investigated: false @@ -73949,10 +110333,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -73964,13 +110349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel EMS Enterprise aaS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Firebox cves: cve-2021-4104: investigated: false @@ -73978,10 +110363,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -73993,13 +110379,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel EMS Enterprise OnPremise + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: System Manager, Dimension, and Panda AD360 cves: cve-2021-4104: investigated: false @@ -74007,10 +110393,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -74022,13 +110409,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Envelope + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Threat Detection and Response cves: cve-2021-4104: investigated: false @@ -74036,9 +110423,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -74051,13 +110439,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel ESDaaS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Wi-Fi Cloud cves: cve-2021-4104: investigated: false @@ -74065,9 +110453,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -74080,13 +110469,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel HASP, Legacy dog, Maze, Hardlock + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Western Digital + product: '' cves: cve-2021-4104: investigated: false @@ -74109,13 +110498,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel LDK EMS (LDK-EMS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WIBU Systems + product: CodeMeter Cloud Lite cves: cve-2021-4104: investigated: false @@ -74123,9 +110512,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.2 and prior unaffected_versions: [] cve-2021-45046: investigated: false @@ -74138,13 +110528,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel LDKaas (LDK-EMS) + last_updated: '2021-12-22T00:00:00' + - vendor: WIBU Systems + product: CodeMeter Keyring for TIA Portal cves: cve-2021-4104: investigated: false @@ -74152,9 +110542,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.30 and prior unaffected_versions: [] cve-2021-45046: investigated: false @@ -74167,275 +110558,322 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf + notes: Only the Password Manager is affected references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Professional Services components (both Thales hosted & hosted - on-premises by customers) + last_updated: '2021-12-22T00:00:00' + - vendor: WildFly + product: All cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - < 22 + - '> 26.0.0.Final' + - '>= 22' + - <= 26.0.0.Beta1 cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel RMS + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS17 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel SCL + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS18 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Superdog, SuperPro, UltraPro, SHK + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS19 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Up + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS21 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales Data Platform (TDP)(DDC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wind River + product: WRL-6 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales payShield 10k + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-7 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales payShield 9000 + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-8 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales payShield Manager + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-9 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetirc Key Manager (VKM) + last_updated: '2022-01-21T00:00:00' + - vendor: WireShark + product: All cves: cve-2021-4104: investigated: false @@ -74443,10 +110881,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -74458,13 +110897,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.wireshark.org/news/20211215.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetric Application Encryption (VAE) + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Wistia + product: All cves: cve-2021-4104: investigated: false @@ -74487,13 +110926,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://status.wistia.com/incidents/jtg0dfl5l224 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetric Protection for Terradata Database (VPTD) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WitFoo + product: Precinct cves: cve-2021-4104: investigated: false @@ -74503,7 +110942,8 @@ software: cve-2021-44228: investigated: false affected_versions: [] - fixed_versions: [] + fixed_versions: + - 6.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -74516,13 +110956,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ + notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See + advisory. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetric Tokenization Server (VTS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WordPress + product: All cves: cve-2021-4104: investigated: false @@ -74530,10 +110971,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -74545,13 +110987,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thermo Fisher Scientific - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Worksphere + product: All cves: cve-2021-4104: investigated: false @@ -74574,13 +111016,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html + - https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wowza + product: Streaming Engine cves: cve-2021-4104: investigated: false @@ -74590,9 +111032,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 2022a + fixed_versions: + - 4.7.8 + - 4.8.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74604,13 +111047,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, Install the 2022a patch when available + - https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WSO2 + product: API Manager cves: cve-2021-4104: investigated: false @@ -74620,9 +111063,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 2021b + fixed_versions: + - '>= 3.0.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74634,13 +111077,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: API Manager Analytics cves: cve-2021-4104: investigated: false @@ -74650,9 +111093,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 2018b to 2021a + fixed_versions: + - '>= 2.6.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74664,14 +111107,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, delete the Log4j 2 files in the program installation - if required, see advisory for instructions. + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator cves: cve-2021-4104: investigated: false @@ -74681,9 +111123,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 2018a and earlier + fixed_versions: + - '>= 6.1.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74695,13 +111137,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thomson Reuters - product: HighQ Appliance + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator Analytics cves: cve-2021-4104: investigated: false @@ -74710,9 +111152,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <3.5 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 6.6.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -74725,15 +111167,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://highqsolutions.zendesk.com - notes: Reported by vendor - Documentation is in vendor's client portal (login - required). This advisory is available to customer only and has not been reviewed - by CISA. + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: ThreatLocker - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server cves: cve-2021-4104: investigated: false @@ -74741,9 +111181,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 5.9.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -74756,13 +111197,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://threatlocker.kb.help/log4j-vulnerability/ - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: ThycoticCentrify - product: Account Lifecycle Manager + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server Analytics cves: cve-2021-4104: investigated: false @@ -74772,9 +111213,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '>= 5.7.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74786,13 +111227,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Cloud Suite + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server as Key Manager cves: cve-2021-4104: investigated: false @@ -74802,9 +111243,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74816,13 +111257,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Connection Manager + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Gateway cves: cve-2021-4104: investigated: false @@ -74832,9 +111273,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '>= 3.2.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74846,13 +111287,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: DevOps Secrets Vault + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator cves: cve-2021-4104: investigated: false @@ -74862,9 +111303,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '>= 1.1.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74876,13 +111317,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Password Reset Server + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Dashboard cves: cve-2021-4104: investigated: false @@ -74892,9 +111333,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74906,13 +111347,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Privilege Manager + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Monitoring Dashboard cves: cve-2021-4104: investigated: false @@ -74922,9 +111363,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74936,13 +111377,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Privileged Behavior Analytics + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking AM cves: cve-2021-4104: investigated: false @@ -74952,9 +111393,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74966,13 +111407,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Secret Server + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking BI cves: cve-2021-4104: investigated: false @@ -74982,9 +111423,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '>= 1.3.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74996,13 +111437,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Server Suite + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking KM cves: cve-2021-4104: investigated: false @@ -75012,9 +111453,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75026,13 +111467,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Tibco - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator cves: cve-2021-4104: investigated: false @@ -75040,9 +111481,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 1.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -75055,13 +111497,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Top Gun Technology (TGT) - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator Tooling cves: cve-2021-4104: investigated: false @@ -75069,9 +111511,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 1.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -75084,13 +111527,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.topgun-tech.com/technical-bulletin-apache-software-log4j-security-vulnerability-cve-2021-44228/ - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: TopDesk - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Processor cves: cve-2021-4104: investigated: false @@ -75098,9 +111541,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 4.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -75113,13 +111557,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=74952771dfab4b0794292e63b0409314 - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Topicus Security - product: Topicus KeyHub + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: XCP-ng + product: All cves: cve-2021-4104: investigated: false @@ -75131,7 +111575,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75143,12 +111587,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.topicus-keyhub.com/topicus-keyhub-is-not-vulnerable-to-cve-2021-44228/ + - https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Topix + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: XenForo product: '' cves: cve-2021-4104: @@ -75172,13 +111616,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.topix.de/de/technik/systemfreigaben.html + - https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Tosibox - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: AltaLink Products cves: cve-2021-4104: investigated: false @@ -75186,10 +111630,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75201,13 +111646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.tosibox.com/support/solutions/articles/2100050946-security-advisory-on-vulnerability-in-apache-log4j-library-cve-2021-44228 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: TPLink - product: Omega Controller + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: CareAR cves: cve-2021-4104: investigated: false @@ -75216,10 +111661,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Linux/Windows(all) + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75231,15 +111676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tp-link.com/us/support/faq/3255 - notes: 'Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as - potential workaround. Though that should now be done with 2.16' + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - - '[Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit - Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j)' - last_updated: '2021-12-15T00:00:00' - - vendor: TrendMicro - product: All + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8700 cves: cve-2021-4104: investigated: false @@ -75247,10 +111690,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75262,13 +111706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.trendmicro.com/solution/000289940 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Tricentis Tosca - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8870 cves: cve-2021-4104: investigated: false @@ -75276,10 +111720,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75291,13 +111736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support-hub.tricentis.com/open?number=NEW0001148&id=post + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Trimble - product: eCognition + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8880 cves: cve-2021-4104: investigated: false @@ -75306,10 +111751,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 10.2.0 Build 4618 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75320,14 +111765,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: Remediation steps provided by Trimble + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Tripp Lite - product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, - SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 9201 cves: cve-2021-4104: investigated: false @@ -75335,10 +111780,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75350,13 +111796,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlert Local (PAL) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 9301 cves: cve-2021-4104: investigated: false @@ -75364,10 +111810,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75379,14 +111826,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 - vulnerability. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlert Network Management System (PANMS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: DocuCentre SC2020 cves: cve-2021-4104: investigated: false @@ -75394,10 +111840,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75409,14 +111856,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 - vulnerability. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlert Network Shutdown Agent (PANSA) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ElemX cves: cve-2021-4104: investigated: false @@ -75424,10 +111870,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75439,14 +111886,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 - vulnerability. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlertElement Manager (PAEM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Core cves: cve-2021-4104: investigated: false @@ -75455,10 +111901,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.0.0 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75470,15 +111916,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which - will contain a patched version of Log4j2 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or - embedded SNMPWEBCARD + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Express to Print cves: cve-2021-4104: investigated: false @@ -75486,10 +111930,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75501,13 +111946,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: TLNETCARD and associated software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Makeready cves: cve-2021-4104: investigated: false @@ -75515,10 +111960,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75530,13 +111976,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripwire - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Output Manager cves: cve-2021-4104: investigated: false @@ -75544,10 +111990,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75559,13 +112006,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tripwire.com/log4j + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: TrueNAS - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Print Manager - APP cves: cve-2021-4104: investigated: false @@ -75573,10 +112020,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75588,13 +112036,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.truenas.com/community/threads/log4j-vulnerability.97359/post-672559 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Tufin - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Variable Information Suite cves: cve-2021-4104: investigated: false @@ -75602,10 +112050,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75617,13 +112066,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.tufin.com/articles/SecurityAdvisories/Apache-Log4Shell-Vulnerability-12-12-2021 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: TYPO3 - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Nuvera EA Perfecting Production Systems cves: cve-2021-4104: investigated: false @@ -75631,10 +112080,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75646,13 +112096,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://typo3.org/article/typo3-psa-2021-004 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Ubiquiti - product: UniFi Network Application + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Nuvera EA Production Systems cves: cve-2021-4104: investigated: false @@ -75661,10 +112111,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.5.53 & lower versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75676,13 +112126,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Ubiquiti - product: UniFi Network Controller + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3300 cves: cve-2021-4104: investigated: false @@ -75691,10 +112141,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.5.54 & lower versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75706,14 +112156,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - - 6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation - for mitigatin log4j vulnerabilities by updating to log4j 2.16.0 - last_updated: '2021-12-15T00:00:00' - - vendor: Ubuntu - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3320 cves: cve-2021-4104: investigated: false @@ -75721,10 +112170,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75736,13 +112186,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ubuntu.com/security/CVE-2021-44228 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: UiPath - product: InSights + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3330 cves: cve-2021-4104: investigated: false @@ -75751,10 +112201,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '20.10' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75766,13 +112216,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Umbraco - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3435 cves: cve-2021-4104: investigated: false @@ -75780,10 +112230,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75795,13 +112246,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: UniFlow - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3600 cves: cve-2021-4104: investigated: false @@ -75809,10 +112260,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75824,13 +112276,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uniflow.global/en/security/security-and-maintenance/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Unify ATOS - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3610 cves: cve-2021-4104: investigated: false @@ -75838,10 +112290,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75853,13 +112306,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Unimus - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3635 cves: cve-2021-4104: investigated: false @@ -75867,10 +112320,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75882,13 +112336,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: USSIGNAL MSP - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4510 cves: cve-2021-4104: investigated: false @@ -75896,10 +112350,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75911,13 +112366,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ussignal.com/blog/apache-log4j-vulnerability + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Varian - product: Acuity + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4622 cves: cve-2021-4104: investigated: false @@ -75925,11 +112380,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75941,13 +112396,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA Connect (Cloverleaf) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6000 cves: cve-2021-4104: investigated: false @@ -75959,7 +112414,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75971,13 +112426,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA eDOC + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6020 cves: cve-2021-4104: investigated: false @@ -75989,7 +112444,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76001,13 +112456,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA oncology information system for Medical Oncology + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6022 cves: cve-2021-4104: investigated: false @@ -76019,7 +112474,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76031,13 +112486,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA oncology information system for Radiation Oncology + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6280 cves: cve-2021-4104: investigated: false @@ -76049,7 +112504,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76061,13 +112516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA Radiation Therapy Management System (RTM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6510 cves: cve-2021-4104: investigated: false @@ -76079,7 +112534,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76091,13 +112546,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Bravos Console + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6600 cves: cve-2021-4104: investigated: false @@ -76109,7 +112564,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76121,13 +112576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Clinac + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6700 cves: cve-2021-4104: investigated: false @@ -76135,11 +112590,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76151,13 +112606,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Cloud Planner + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 7800 cves: cve-2021-4104: investigated: false @@ -76169,7 +112624,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76181,13 +112636,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: DITC + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 8860 cves: cve-2021-4104: investigated: false @@ -76195,11 +112650,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76211,13 +112666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: DoseLab + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: PrimeLink Products cves: cve-2021-4104: investigated: false @@ -76229,7 +112684,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76241,13 +112696,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Eclipse treatment planning software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Versalink Products cves: cve-2021-4104: investigated: false @@ -76259,7 +112714,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76271,13 +112726,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ePeerReview + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 33xx cves: cve-2021-4104: investigated: false @@ -76285,11 +112740,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76301,13 +112756,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Ethos + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 3615 cves: cve-2021-4104: investigated: false @@ -76319,7 +112774,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76331,13 +112786,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: FullScale oncology IT solutions + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4260 cves: cve-2021-4104: investigated: false @@ -76345,11 +112800,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76361,13 +112816,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Halcyon system + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4265 cves: cve-2021-4104: investigated: false @@ -76375,11 +112830,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76391,13 +112846,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ICAP + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5135 cves: cve-2021-4104: investigated: false @@ -76409,7 +112864,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76421,13 +112876,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Identify + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5150 cves: cve-2021-4104: investigated: false @@ -76439,7 +112894,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76451,13 +112906,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Information Exchange Manager (IEM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5225 cves: cve-2021-4104: investigated: false @@ -76469,7 +112924,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76481,13 +112936,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: InSightive Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5230 cves: cve-2021-4104: investigated: false @@ -76495,11 +112950,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76511,13 +112966,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Large Integrated Oncology Network (LION) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 53XX cves: cve-2021-4104: investigated: false @@ -76529,7 +112984,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76541,13 +112996,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Mobius3D platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5645 cves: cve-2021-4104: investigated: false @@ -76559,7 +113014,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76571,13 +113026,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: PaaS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5655 cves: cve-2021-4104: investigated: false @@ -76589,7 +113044,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76601,13 +113056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ProBeam + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5740 cves: cve-2021-4104: investigated: false @@ -76619,7 +113074,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76631,13 +113086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Qumulate + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5745 cves: cve-2021-4104: investigated: false @@ -76649,7 +113104,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76661,13 +113116,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Real-time Position Management (RPM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5755 cves: cve-2021-4104: investigated: false @@ -76679,7 +113134,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76691,13 +113146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Respiratory Gating for Scanners (RGSC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5765 cves: cve-2021-4104: investigated: false @@ -76709,7 +113164,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76721,13 +113176,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: SmartConnect solution + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 58XX cves: cve-2021-4104: investigated: false @@ -76736,10 +113191,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76751,13 +113206,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: 'See Knowledge Article: 000038850 on MyVarian' + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: SmartConnect solution Policy Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5945 cves: cve-2021-4104: investigated: false @@ -76766,10 +113221,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76781,13 +113236,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: 'See Knowledge Articles: 000038831 and 000038832 on MyVarian' + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: TrueBeam radiotherapy system + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5955 cves: cve-2021-4104: investigated: false @@ -76799,7 +113254,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76811,13 +113266,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: UNIQUE system + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6025 cves: cve-2021-4104: investigated: false @@ -76825,11 +113280,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76841,13 +113296,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Varian Authentication and Identity Server (VAIS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6400 cves: cve-2021-4104: investigated: false @@ -76859,7 +113314,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76871,13 +113326,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Varian Managed Services Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6515 cves: cve-2021-4104: investigated: false @@ -76885,11 +113340,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76901,13 +113356,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Varian Mobile App + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6605 cves: cve-2021-4104: investigated: false @@ -76919,8 +113374,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '2.0' - - '2.5' + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76932,13 +113386,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: VariSeed + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6655 cves: cve-2021-4104: investigated: false @@ -76950,7 +113404,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76962,13 +113416,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Velocity + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7425 cves: cve-2021-4104: investigated: false @@ -76980,7 +113434,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76992,13 +113446,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: VitalBeam radiotherapy system + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7435 cves: cve-2021-4104: investigated: false @@ -77010,7 +113464,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77022,13 +113476,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Vitesse + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7525 cves: cve-2021-4104: investigated: false @@ -77040,7 +113494,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77052,13 +113506,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: XMediusFax for ARIA oncology information system for Medical Oncology + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7535 cves: cve-2021-4104: investigated: false @@ -77066,11 +113520,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77082,13 +113536,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: XMediusFax for ARIA oncology information system for Radiation Oncology + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7556 cves: cve-2021-4104: investigated: false @@ -77096,11 +113550,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77112,13 +113566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: VArmour - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7830 cves: cve-2021-4104: investigated: false @@ -77126,10 +113580,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77141,13 +113596,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Varnish Software - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7835 cves: cve-2021-4104: investigated: false @@ -77155,10 +113610,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77170,13 +113626,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.varnish-software.com/security/CVE-2021-44228-45046/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Varonis - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7855 cves: cve-2021-4104: investigated: false @@ -77184,10 +113640,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77199,13 +113656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Veeam - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7970i cves: cve-2021-4104: investigated: false @@ -77213,10 +113670,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77228,13 +113686,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.veeam.com/kb4254 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Venafi - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre ECXX cves: cve-2021-4104: investigated: false @@ -77242,10 +113700,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77257,13 +113716,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Veritas NetBackup - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Account Payable Services cves: cve-2021-4104: investigated: false @@ -77271,10 +113730,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77286,13 +113746,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.veritas.com/content/support/en_US/article.100052070 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Vertica - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox App Gallery cves: cve-2021-4104: investigated: false @@ -77300,10 +113760,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77315,13 +113776,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Viso Trust - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B1022/25 cves: cve-2021-4104: investigated: false @@ -77329,10 +113790,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77344,13 +113806,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: VMware - product: API Portal for VMware Tanzu + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B225 cves: cve-2021-4104: investigated: false @@ -77359,10 +113821,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77374,13 +113836,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: App Metrics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B230 cves: cve-2021-4104: investigated: false @@ -77389,10 +113851,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77404,13 +113866,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Healthwatch for Tanzu Application Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B235 cves: cve-2021-4104: investigated: false @@ -77419,11 +113881,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77435,13 +113896,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Single Sign-On for VMware Tanzu Application Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B310 cves: cve-2021-4104: investigated: false @@ -77450,10 +113911,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77465,13 +113926,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Spring Cloud Gateway for Kubernetes + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Baltoro HF Inkjet Press cves: cve-2021-4104: investigated: false @@ -77480,10 +113941,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77495,13 +113956,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Spring Cloud Gateway for VMware Tanzu + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Branded ConnectKey Applications cves: cve-2021-4104: investigated: false @@ -77510,10 +113971,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77525,13 +113986,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Spring Cloud Services for VMware Tanzu + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C230 cves: cve-2021-4104: investigated: false @@ -77540,10 +114001,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77555,13 +114016,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: vCenter Server - OVA + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C235 cves: cve-2021-4104: investigated: false @@ -77570,12 +114031,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.x - - 6.7.x - - 6.5.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77587,14 +114046,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 - )' + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: vCenter Server - Windows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C310 cves: cve-2021-4104: investigated: false @@ -77603,11 +114061,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.7.x - - 6.5.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77619,14 +114076,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 - )' + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: VMware Carbon Black Cloud Workload Appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Campaigns on Demand cves: cve-2021-4104: investigated: false @@ -77635,10 +114091,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77650,13 +114106,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Carbon Black EDR Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Color EC70 Printer cves: cve-2021-4104: investigated: false @@ -77665,11 +114121,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.x - - 6.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77681,13 +114136,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Cloud Foundation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D110 cves: cve-2021-4104: investigated: false @@ -77696,11 +114151,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.x - - 3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77712,13 +114166,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware HCX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D125 cves: cve-2021-4104: investigated: false @@ -77727,11 +114181,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.x - - 3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77743,13 +114196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Horizon + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D95A cves: cve-2021-4104: investigated: false @@ -77758,11 +114211,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x - - 7.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77774,13 +114226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - - '[VMware KB 87073 (vmware.com)](https://kb.vmware.com/s/article/87073)' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: VMware Horizon Cloud Connector + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Digital Mailroom Services cves: cve-2021-4104: investigated: false @@ -77789,11 +114241,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77805,13 +114256,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Horizon DaaS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ECXX cves: cve-2021-4104: investigated: false @@ -77820,11 +114271,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 9.1.x - - 9.0.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77836,13 +114286,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Identity Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED125 cves: cve-2021-4104: investigated: false @@ -77851,10 +114301,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77866,13 +114316,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware NSX-T Data Centern + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED95A cves: cve-2021-4104: investigated: false @@ -77881,11 +114331,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.x - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77897,13 +114346,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Site Recovery Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox iGen 5 cves: cve-2021-4104: investigated: false @@ -77912,10 +114361,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77927,13 +114376,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Application Service for VMs + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Instant Print Kiosk cves: cve-2021-4104: investigated: false @@ -77942,10 +114391,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77957,13 +114406,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu GemFire + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Intelligent Workplace Services (All Including XDM, XDA, CWW) cves: cve-2021-4104: investigated: false @@ -77972,11 +114421,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 9.x - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77988,13 +114436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Greenplum + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Iridesse Production Press cves: cve-2021-4104: investigated: false @@ -78003,10 +114451,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78018,13 +114466,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Kubernetes Grid Integrated Edition + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox J75 cves: cve-2021-4104: investigated: false @@ -78033,10 +114481,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78048,13 +114496,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Observability by Wavefront Nozzle + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Print and Scan Experience cves: cve-2021-4104: investigated: false @@ -78063,11 +114511,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.x - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78079,13 +114526,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Operations Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Team Availability Application cves: cve-2021-4104: investigated: false @@ -78094,10 +114541,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78109,13 +114556,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu SQL with MySQL for VMs + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 180 cves: cve-2021-4104: investigated: false @@ -78124,11 +114571,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78140,13 +114586,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Telco Cloud Automation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 280 cves: cve-2021-4104: investigated: false @@ -78155,11 +114601,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78171,13 +114616,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Unified Access Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 3100 cves: cve-2021-4104: investigated: false @@ -78186,12 +114631,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 21.x - - 20.x - - 3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78203,13 +114646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vCenter Cloud Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 4100 cves: cve-2021-4104: investigated: false @@ -78218,10 +114661,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78233,13 +114676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Automation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workflow Central Platform cves: cve-2021-4104: investigated: false @@ -78248,11 +114691,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x - - 7.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78264,13 +114706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Lifecycle Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Kiosk cves: cve-2021-4104: investigated: false @@ -78279,10 +114721,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78294,13 +114736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Log Insight + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Suite cves: cve-2021-4104: investigated: false @@ -78309,10 +114751,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78324,13 +114766,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Operations + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workspace Cloud cves: cve-2021-4104: investigated: false @@ -78339,10 +114781,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78354,13 +114796,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Operations Cloud Proxy + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Data-Driven Print and VDP cves: cve-2021-4104: investigated: false @@ -78369,10 +114811,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Any + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78384,13 +114826,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Orchestrator + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Omnichannel Communications cves: cve-2021-4104: investigated: false @@ -78399,11 +114841,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x - - 7.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78415,13 +114856,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Workspace ONE Access + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Web to Print cves: cve-2021-4104: investigated: false @@ -78430,11 +114871,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 21.x - - 20.10.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -78446,13 +114886,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Workspace ONE Access Connector (VMware Identity Manager Connector) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: XPertDoc + product: All cves: cve-2021-4104: investigated: false @@ -78460,11 +114900,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 21.x - - 20.10.x - - 19.03.0.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78478,43 +114915,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VTScada + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: XPLG product: All cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vtscada.com/vtscada-unaffected-by-log4j/ - notes: Java is not utilized within VTScada software, and thus our users are unaffected. + - https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/ + notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Vyaire - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: XWIKI + product: All cves: cve-2021-4104: investigated: false @@ -78537,13 +114973,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf + - https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: WAGO - product: WAGO Smart Script + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xylem + product: Aquatalk cves: cve-2021-4104: investigated: false @@ -78552,9 +114988,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.2.x < 4.8.1.3 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -78567,13 +115003,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.wago.com/de/automatisierungstechnik/psirt#log4j + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Wallarm - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Avensor cves: cve-2021-4104: investigated: false @@ -78581,9 +115017,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -78596,13 +115033,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://lab.wallarm.com/cve-2021-44228-mitigation-update/ + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Wasp Barcode technologies - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Configuration change complete cves: cve-2021-4104: investigated: false @@ -78610,9 +115047,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -78625,13 +115063,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: WatchGuard - product: Secplicity + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus Analytics cves: cve-2021-4104: investigated: false @@ -78639,9 +115077,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -78654,13 +115093,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Western Digital - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus Automation Control Configuration change complete cves: cve-2021-4104: investigated: false @@ -78668,9 +115107,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -78683,13 +115123,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: WIBU Systems - product: CodeMeter Cloud Lite + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus Cathodic Protection Mitigation in process Mitigation in process cves: cve-2021-4104: investigated: false @@ -78699,7 +115139,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.2 and prior + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78713,13 +115153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: WIBU Systems - product: CodeMeter Keyring for TIA Portal + - vendor: Xylem + product: Sensus FieldLogic LogServer cves: cve-2021-4104: investigated: false @@ -78729,7 +115169,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 1.30 and prior + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78743,13 +115183,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf - notes: Only the Password Manager is affected + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: WindRiver - product: '' + - vendor: Xylem + product: Sensus Lighting Control cves: cve-2021-4104: investigated: false @@ -78757,9 +115197,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -78772,13 +115213,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: WireShark - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus NetMetrics Configuration change complete cves: cve-2021-4104: investigated: false @@ -78786,9 +115227,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -78801,13 +115243,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/wireshark/wireshark/-/issues/17783 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Wistia - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus RNI On Prem cves: cve-2021-4104: investigated: false @@ -78815,8 +115257,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.7 through 4.10 + - 4.4 through 4.6 + - '4.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78830,13 +115275,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.wistia.com/incidents/jtg0dfl5l224 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: WitFoo - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus RNI Saas cves: cve-2021-4104: investigated: false @@ -78844,9 +115289,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.7 through 4.10 + - 4.4 through 4.6 + - '4.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -78859,13 +115307,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: WordPress - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus SCS cves: cve-2021-4104: investigated: false @@ -78873,9 +115321,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -78888,13 +115337,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/ + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Worksphere - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Smart Irrigation cves: cve-2021-4104: investigated: false @@ -78902,8 +115351,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78917,13 +115367,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Wowza - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Water Loss Management (Visenti) cves: cve-2021-4104: investigated: false @@ -78931,9 +115381,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -78946,13 +115397,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: WSO2 - product: WSO2 Enterprise Integrator + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Xylem Cloud cves: cve-2021-4104: investigated: false @@ -78961,9 +115412,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.1.0 and above - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -78976,13 +115427,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: XCP-ng - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Xylem Edge Gateway (xGW) cves: cve-2021-4104: investigated: false @@ -78990,9 +115441,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -79005,12 +115457,46 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: XenForo + last_updated: '2021-12-22T00:00:00' + - vendor: Yahoo + product: Vespa + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://blog.vespa.ai/log4j-vulnerability/ + notes: Your Vespa application may still be affected if log4j is included in your + application package. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Yellowbrick product: '' cves: cve-2021-4104: @@ -79034,13 +115520,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/ + - https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Xerox - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: YellowFin + product: All cves: cve-2021-4104: investigated: false @@ -79048,9 +115534,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 8.0.10.3, 9.7.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -79063,13 +115550,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf - notes: '' + - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + notes: v7 and v6 releases are not affected unless you have manually upgraded to + Log4j2. references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: XPertDoc - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Yenlo + product: Connext cves: cve-2021-4104: investigated: false @@ -79077,10 +115565,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -79092,13 +115581,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727 - notes: '' + - https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/ + notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components + are not vulnerable. references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: XPLG - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: YOKOGAWA + product: CENTUM VP cves: cve-2021-4104: investigated: false @@ -79121,13 +115611,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/ - notes: '' + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: XWIKI - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CENTUM VP (other components) cves: cve-2021-4104: investigated: false @@ -79135,10 +115625,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is + still under investigation. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CI Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -79150,13 +115672,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557 + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Xylem - product: Aquatalk + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaopc cves: cve-2021-4104: investigated: false @@ -79164,10 +115686,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -79179,13 +115702,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Avensor + - vendor: YOKOGAWA + product: Exaplog cves: cve-2021-4104: investigated: false @@ -79193,10 +115716,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -79208,13 +115732,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Configuration change complete + - vendor: YOKOGAWA + product: Exaquantum cves: cve-2021-4104: investigated: false @@ -79222,10 +115746,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -79237,13 +115762,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus Analytics + - vendor: YOKOGAWA + product: FAST/TOOLS cves: cve-2021-4104: investigated: false @@ -79251,10 +115776,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -79266,13 +115792,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus Automation Control Configuration change complete + - vendor: YOKOGAWA + product: PRM cves: cve-2021-4104: investigated: false @@ -79280,10 +115806,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -79295,13 +115822,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus Cathodic Protection Mitigation in process Mitigation in process + - vendor: YOKOGAWA + product: ProSafe-RS cves: cve-2021-4104: investigated: false @@ -79309,10 +115836,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -79324,13 +115852,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus FieldLogic LogServer + - vendor: YOKOGAWA + product: ProSafe-RS Lite cves: cve-2021-4104: investigated: false @@ -79338,10 +115866,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -79353,13 +115882,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus Lighting Control + - vendor: YOKOGAWA + product: STARDOM cves: cve-2021-4104: investigated: false @@ -79367,10 +115896,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -79382,13 +115912,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus NetMetrics Configuration change complete + - vendor: YOKOGAWA + product: VTSPortal cves: cve-2021-4104: investigated: false @@ -79396,10 +115926,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -79411,13 +115942,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus RNI On Prem + - vendor: YSoft + product: SAFEQ 4 cves: cve-2021-4104: investigated: false @@ -79426,12 +115957,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.7 through 4.10 - - 4.4 through 4.6 - - '4.2' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -79443,13 +115972,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus RNI Saas + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 5 cves: cve-2021-4104: investigated: false @@ -79458,12 +115987,41 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.7 through 4.10 - - 4.4 through 4.6 - - '4.2' + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <=6.0.63 + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -79475,13 +116033,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus SCS + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Zabbix + product: '' cves: cve-2021-4104: investigated: false @@ -79504,13 +116062,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Smart Irrigation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ZAMMAD + product: '' cves: cve-2021-4104: investigated: false @@ -79533,13 +116091,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Water Loss Management (Visenti) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Zaproxy + product: '' cves: cve-2021-4104: investigated: false @@ -79562,13 +116120,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Xylem Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Zebra + product: '' cves: cve-2021-4104: investigated: false @@ -79591,23 +116149,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Xylem Edge Gateway (xGW) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Zeiss + product: Cataract Suite cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -79620,23 +116180,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Yellowbrick - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: EQ Workplace cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.6, 1.8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -79649,23 +116211,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: YellowFin - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: FORUM cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.2.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -79678,23 +116242,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: YOKOGAWA - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Glaucoma Workplace cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.5.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -79707,23 +116273,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: YSoft SAFEQ - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Laser Treatment Workplace cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -79736,23 +116304,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Zabbix - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Retina Workplace cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.5.x, 2.6.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -79765,13 +116335,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/ - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: ZAMMAD - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zendesk + product: All Products cves: cve-2021-4104: investigated: false @@ -79779,8 +116349,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All Versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79794,12 +116365,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256 - notes: '' + - https://support.zendesk.com/hc/en-us/articles/4413583476122 + notes: Zendesk products are all cloud-based; thus there are no updates for the + customers to install as the company is working on patching their infrastructure + and systems. references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Zaproxy + last_updated: '2021-12-13T00:00:00' + - vendor: Zenoss product: '' cves: cve-2021-4104: @@ -79823,13 +116396,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/ + - https://support.zenoss.com/hc/en-us notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Zebra - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Zentera Systems, Inc. + product: CoIP Access Platform cves: cve-2021-4104: investigated: false @@ -79837,10 +116410,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -79852,131 +116426,143 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html + - https://support.zentera.net/hc/en-us/articles/4416227743511--CVE-2021-44228-Log4Shell-Vulnerability-in-Apache-Log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Zendesk - product: All Products + last_updated: '2021-12-17T00:00:00' + - vendor: Zerto + product: Cloud Appliance cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true - affected_versions: - - All Versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - - https://support.zendesk.com/hc/en-us/articles/4413583476122 - notes: Zendesk products are all cloud-based; thus there are no updates for the - customers to install as the company is working on patching their infrastructure - and systems. + - https://help.zerto.com/kb/000004822 + notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Zenoss - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Cloud Manager cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - - https://support.zenoss.com/hc/en-us + - https://help.zerto.com/kb/000004822 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Zentera Systems, Inc. - product: CoIP Access Platform + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Manager cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - - https://support.zentera.net/hc/en-us/articles/4416227743511--CVE-2021-44228-Log4Shell-Vulnerability-in-Apache-Log4j + - https://help.zerto.com/kb/000004822 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2021-02-01T00:00:00' - vendor: Zerto - product: '' + product: Virtual Replication Appliance cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://help.zerto.com/kb/000004822 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2021-02-01T00:00:00' - vendor: Zesty product: '' cves: @@ -80005,7 +116591,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zimbra product: '' cves: @@ -80034,7 +116620,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zix product: '' cves: @@ -80064,35 +116650,72 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Zoom - product: '' + - vendor: Zoho + product: Online cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zoho.com/portal/en/community/topic/update-on-the-recent-apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zoom + product: '' + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' vendor_links: - https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ZPE systems Inc product: '' cves: @@ -80121,7 +116744,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zscaler product: See Link (Multiple Products) cves: @@ -80179,15 +116802,82 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zyxel - product: Security Firewall/Gateways + product: All other products cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Netlas Element Management System (EMS) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: Hotfix availibility Dec. 20 2021. Patch availability in end of Feb. 2022. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Security Firewall/Gateways + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] @@ -80196,15 +116886,17 @@ software: - ZLD Firmware Security Services - Nebula cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability notes: '' diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 03f5dd2..177266c 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: ABB - product: '' + product: AlarmInsight Cloud cves: cve-2021-4104: investigated: false @@ -13,10 +13,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28,13 +29,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: ABB Remote Service + product: B&R Products cves: cve-2021-4104: investigated: false @@ -43,10 +44,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ABB Remote Platform (RAP) + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -57,13 +58,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: AlarmInsight Cloud + product: Remote Service cves: cve-2021-4104: investigated: false @@ -71,10 +73,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - AlarmInsight KPI Dashboards 1.0.0 - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86,13 +88,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ABB - product: B&R Products + - vendor: Abbott + product: All cves: cve-2021-4104: investigated: false @@ -101,8 +104,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - See Vendor Advisory + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -116,13 +118,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf - notes: '' + - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html + notes: Details are shared with customers with an active RAP subscription. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Abbott - product: '' + product: GLP Track System cves: cve-2021-4104: investigated: false @@ -130,8 +132,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Track Sample Manager (TSM) + - Track Workflow Manager (TWM) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -146,12 +150,13 @@ software: unaffected_versions: [] vendor_links: - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html - notes: '' + notes: Abbott will provide a fix for this in a future update expected in January + 2022. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Abnormal Security - product: Abnormal Security + product: All cves: cve-2021-4104: investigated: false @@ -159,10 +164,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -179,8 +185,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Accellence - product: '' + - vendor: Accellence Technologies + product: EBÜS cves: cve-2021-4104: investigated: false @@ -188,10 +194,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accellence.de/en/articles/cve-2021-44228-62 + notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several + 3rd-party software setups, which may be affected. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accellence Technologies + product: Vimacc + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -203,7 +241,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.accellence.de/en/articles/national-vulnerability-database-62 + - https://www.accellence.de/en/articles/cve-2021-44228-62 notes: '' references: - '' @@ -234,17 +272,17 @@ software: unaffected_versions: [] vendor_links: - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/ - notes: '"As a precaution, Kiteworks released a 7.6.1 Hotfix software update to - address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 + notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address + the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems - as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” - to disable the possible attack vector on both CentOS 6 and CentOS 7."' + as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" + to disable the possible attack vector on both CentOS 6 and CentOS 7. references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Acquia - product: '' + - vendor: Accruent + product: Analytics cves: cve-2021-4104: investigated: false @@ -252,9 +290,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -267,13 +306,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Acronis - product: '' + - vendor: Accruent + product: Asset Enterprise cves: cve-2021-4104: investigated: false @@ -281,10 +320,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -296,13 +336,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security-advisory.acronis.com/advisories/SEC-3859 + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ActiveState - product: '' + - vendor: Accruent + product: BigCenter cves: cve-2021-4104: investigated: false @@ -310,9 +350,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -325,13 +366,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/ + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adaptec - product: '' + - vendor: Accruent + product: EMS cves: cve-2021-4104: investigated: false @@ -339,10 +380,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -354,13 +396,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Addigy - product: '' + - vendor: Accruent + product: Evoco cves: cve-2021-4104: investigated: false @@ -368,9 +410,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -383,13 +426,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adeptia - product: '' + - vendor: Accruent + product: Expesite cves: cve-2021-4104: investigated: false @@ -397,9 +440,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -412,13 +456,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adobe ColdFusion - product: '' + - vendor: Accruent + product: Famis 360 cves: cve-2021-4104: investigated: false @@ -426,9 +470,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -441,13 +486,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ADP - product: '' + - vendor: Accruent + product: Lucernex cves: cve-2021-4104: investigated: false @@ -455,9 +500,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -470,13 +516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFAS Software - product: '' + - vendor: Accruent + product: Maintenance Connection cves: cve-2021-4104: investigated: false @@ -484,10 +530,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -499,13 +546,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANsuite + - vendor: Accruent + product: Meridian cves: cve-2021-4104: investigated: false @@ -515,9 +562,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -529,13 +576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANServer + - vendor: Accruent + product: Single Sign On (SSO, Central Auth) cves: cve-2021-4104: investigated: false @@ -547,7 +594,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -559,13 +606,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANcart + - vendor: Accruent + product: SiteFM3 cves: cve-2021-4104: investigated: false @@ -575,9 +622,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -589,13 +636,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANweb + - vendor: Accruent + product: SiteFM4 cves: cve-2021-4104: investigated: false @@ -605,9 +652,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -619,13 +666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANmobile + - vendor: Accruent + product: Siterra cves: cve-2021-4104: investigated: false @@ -635,9 +682,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -649,13 +696,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANupdate + - vendor: Accruent + product: TMS cves: cve-2021-4104: investigated: false @@ -667,7 +714,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -679,13 +726,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Agilysys - product: '' + - vendor: Accruent + product: VxField cves: cve-2021-4104: investigated: false @@ -693,10 +740,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -708,13 +756,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: Active MFT + - vendor: Accruent + product: VxMaintain cves: cve-2021-4104: investigated: false @@ -722,9 +770,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -737,14 +786,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxObserve cves: cve-2021-4104: investigated: false @@ -752,9 +800,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -767,14 +816,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxSustain cves: cve-2021-4104: investigated: false @@ -782,9 +830,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -797,14 +846,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acquia + product: All cves: cve-2021-4104: investigated: false @@ -827,14 +875,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Akamai - product: SIEM Splunk Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Backup cves: cve-2021-4104: investigated: false @@ -843,10 +890,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '11.7' cve-2021-45046: investigated: false affected_versions: [] @@ -858,13 +905,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://splunkbase.splunk.com/app/4310/ - notes: v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Alcatel - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Backup cves: cve-2021-4104: investigated: false @@ -872,10 +919,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '12.5' cve-2021-45046: investigated: false affected_versions: [] @@ -887,13 +935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dokuwiki.alu4u.com/doku.php?id=log4j + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alertus - product: '' + - vendor: Acronis + product: Cyber Files cves: cve-2021-4104: investigated: false @@ -901,10 +949,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.6.2 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -916,13 +965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alexion - product: '' + - vendor: Acronis + product: Cyber Infrastructure cves: cve-2021-4104: investigated: false @@ -930,10 +979,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '3.5' + - 4.x cve-2021-45046: investigated: false affected_versions: [] @@ -945,13 +996,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alfresco - product: '' + - vendor: Acronis + product: Cyber Protect cves: cve-2021-4104: investigated: false @@ -959,10 +1010,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '15' cve-2021-45046: investigated: false affected_versions: [] @@ -974,13 +1026,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717 + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AlienVault - product: '' + - vendor: Acronis + product: Cyber Protection Home Office cves: cve-2021-4104: investigated: false @@ -988,10 +1040,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2017 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1003,13 +1056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228 + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alphatron Medical - product: '' + - vendor: Acronis + product: DeviceLock DLP cves: cve-2021-4104: investigated: false @@ -1017,10 +1070,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '9.0' cve-2021-45046: investigated: false affected_versions: [] @@ -1032,13 +1086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.alphatronmedical.com/home.html + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Athena + - vendor: Acronis + product: Files Connect cves: cve-2021-4104: investigated: false @@ -1046,10 +1100,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 10.7 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1061,13 +1116,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS + - vendor: Acronis + product: MassTransit cves: cve-2021-4104: investigated: false @@ -1079,8 +1134,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Linux 1 - - '2' + - '8.1' + - '8.2' cve-2021-45046: investigated: false affected_versions: [] @@ -1091,16 +1146,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: 'Notes: Amazon Linux 1 had aws apitools which were Java based but these - were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). - AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 - and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2' + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: AWS API Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Snap Deploy cves: cve-2021-4104: investigated: false @@ -1110,9 +1163,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5' + - '6' cve-2021-45046: investigated: false affected_versions: [] @@ -1124,13 +1178,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Amazon - product: AWS CloudHSM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ActiveState + product: All cves: cve-2021-4104: investigated: false @@ -1138,9 +1192,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 3.4.1. + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1154,13 +1207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS Connect + - vendor: Acunetix + product: '360' cves: cve-2021-4104: investigated: false @@ -1170,9 +1223,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1184,15 +1237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Vendors recommend evaluating components of the environment outside of the - Amazon Connect service boundary, which may require separate/additional customer - mitigation + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Amazon - product: AWS Lambda + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: Agents cves: cve-2021-4104: investigated: false @@ -1201,10 +1252,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1216,13 +1267,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS DynamoDB + - vendor: Acunetix + product: Application cves: cve-2021-4104: investigated: false @@ -1232,9 +1283,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1246,13 +1297,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS ElastiCache + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - ASP.NET cves: cve-2021-4104: investigated: false @@ -1262,9 +1313,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1276,13 +1327,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS Inspector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - NodeJS cves: cve-2021-4104: investigated: false @@ -1292,9 +1343,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1306,13 +1357,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS RDS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - PHP cves: cve-2021-4104: investigated: false @@ -1322,9 +1373,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1336,14 +1387,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified - in CVE-2021-44228 + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS S3 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST-Java cves: cve-2021-4104: investigated: false @@ -1354,7 +1404,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -1367,13 +1417,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: AcuSensor IAST module needs attention. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS SNS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adaptec + product: All cves: cve-2021-4104: investigated: false @@ -1381,10 +1431,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1397,15 +1446,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon SNS systems that serve customer traffic are patched against the - Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate - separately from SNS’s systems that serve customer traffic + - https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS SQS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Addigy + product: All cves: cve-2021-4104: investigated: false @@ -1413,10 +1460,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1429,13 +1475,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: AWS EKS, ECS, Fargate + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adeptia + product: Connect cves: cve-2021-4104: investigated: false @@ -1444,9 +1490,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '3.3' + - '3.4' + - '3.5' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1459,19 +1507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache “Log4j2" utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Amazon - product: AWS ELB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adeptia + product: Suite cves: cve-2021-4104: investigated: false @@ -1482,7 +1524,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - 6.9.9 + - 6.9.10 + - 6.9.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1495,13 +1539,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Amazon - product: AWS Kinesis Data Stream + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Automated Forms Conversion Service cves: cve-2021-4104: investigated: false @@ -1511,7 +1555,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Unknown + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1525,17 +1569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: We are actively patching all sub-systems that use Log4j2 by applying updates. - The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library - (KPL) are not impacted. For customers using KCL 1.x, we have released an updated - version and we strongly recommend that all KCL version 1.x customers upgrade - to KCL version 1.14.5 (or higher) + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS Lambda + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: ColdFusion cves: cve-2021-4104: investigated: false @@ -1544,9 +1584,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1559,13 +1599,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: CloudFront + - vendor: Adobe + product: Experience Manager 6.3 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1573,9 +1613,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions from 6.3 GA to 6.3.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1588,13 +1629,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: CloudWatch + - vendor: Adobe + product: Experience Manager 6.4 Forms Designer cves: cve-2021-4104: investigated: false @@ -1602,8 +1643,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1617,13 +1659,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: EC2 + - vendor: Adobe + product: Experience Manager 6.4 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1633,9 +1675,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Amazon Linux 1 & 2 + fixed_versions: + - All versions from 6.4 GA to 6.4.8 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1647,13 +1689,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: ELB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.5 Forms Designer cves: cve-2021-4104: investigated: false @@ -1661,9 +1703,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1676,13 +1719,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: KMS + - vendor: Adobe + product: Experience Manager 6.5 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1690,9 +1733,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions from 6.5 GA to 6.5.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1705,13 +1749,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: OpenSearch + - vendor: Adobe + product: Experience Manager Forms on OSGi cves: cve-2021-4104: investigated: false @@ -1720,10 +1764,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1735,13 +1779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: RDS + - vendor: Adobe + product: Experience Manager Forms Workbench cves: cve-2021-4104: investigated: false @@ -1749,10 +1793,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1764,13 +1809,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Route 53 + - vendor: ADP + product: All cves: cve-2021-4104: investigated: false @@ -1793,42 +1838,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: S3 + - vendor: Advanced Micro Devices (AMD) + product: All cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Translate + last_updated: '2022-02-02T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: Active MFT cves: cve-2021-4104: investigated: false @@ -1836,10 +1882,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1851,13 +1898,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/translate/ - notes: Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: VPC + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT cves: cve-2021-4104: investigated: false @@ -1865,10 +1913,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1880,13 +1929,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AMD - product: All + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Gateway cves: cve-2021-4104: investigated: false @@ -1894,10 +1944,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1909,14 +1960,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 - notes: Currently, no AMD products have been identified as affected. AMD is continuing - its analysis. + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Anaconda - product: Anaconda + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Server cves: cve-2021-4104: investigated: false @@ -1928,7 +1979,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 4.10.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1940,13 +1991,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.conda.io/projects/conda/en/latest/index.html - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: ActiveMQ Artemis + last_updated: '2021-12-14T00:00:00' + - vendor: AFHCAN Global LLC + product: AFHCANcart cves: cve-2021-4104: investigated: false @@ -1958,7 +2010,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -1970,18 +2022,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://activemq.apache.org/news/cve-2021-44228 - notes: ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 - is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). - Although this version of Log4j is not impacted by CVE-2021-44228 future versions - of Artemis will be updated so that the Log4j jar is no longer included in the - web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) - for more information on that task. + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: Airflow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANmobile cves: cve-2021-4104: investigated: false @@ -1989,10 +2036,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2004,13 +2052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/airflow/tree/main/airflow - notes: Airflow is written in Python + - https://afhcan.org/support.aspx + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Camel + - vendor: AFHCAN Global LLC + product: AFHCANServer cves: cve-2021-4104: investigated: false @@ -2019,11 +2067,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.14.1.3.11.5 - - 3.7.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2035,17 +2082,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ - notes: Apache Camel does not directly depend on Log4j 2, so we are not affected - by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own - applications, make sure to upgrade.Apache Camel does use log4j during testing - itself, and therefore you can find that we have been using log4j v2.13.3 release - in our latest LTS releases Camel 3.7.6, 3.11.4. + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel Quarkus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANsuite cves: cve-2021-4104: investigated: false @@ -2053,10 +2096,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2068,13 +2112,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel K + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANupdate cves: cve-2021-4104: investigated: false @@ -2082,10 +2126,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2097,13 +2142,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: CamelKafka Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANweb cves: cve-2021-4104: investigated: false @@ -2111,10 +2156,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2126,13 +2172,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel Karaf + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Agilysys + product: All cves: cve-2021-4104: investigated: false @@ -2155,14 +2201,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ - notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release - with updated log4j. + - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel JBang + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Mobile cves: cve-2021-4104: investigated: false @@ -2171,10 +2216,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <=3.1.4 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.6+ cve-2021-45046: investigated: false affected_versions: [] @@ -2186,13 +2231,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel 2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Other products cves: cve-2021-4104: investigated: false @@ -2200,10 +2245,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - version 8.5.4.86 (and above) cve-2021-45046: investigated: false affected_versions: [] @@ -2215,13 +2261,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Druid + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: PRD cves: cve-2021-4104: investigated: false @@ -2230,10 +2276,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < druid 0.22.0 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '2.0' cve-2021-45046: investigated: false affected_versions: [] @@ -2245,13 +2291,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/druid/releases/tag/druid-0.22.1 + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Apache - product: Flink + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AIL + product: All cves: cve-2021-4104: investigated: false @@ -2261,12 +2307,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 1.14.2 - - 1.13.5 - - 1.12.7 - - 1.11.6 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2278,17 +2321,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://flink.apache.org/2021/12/10/log4j-cve.html - notes: 'To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 - releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were - skipped because CVE-2021-45046 was discovered during the release publication. - The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade - for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046.' + - https://twitter.com/ail_project/status/1470373644279119875 + notes: '' references: - - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' - last_updated: '2021-12-12T00:00:00' - - vendor: Apache - product: Kafka + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Akamai + product: Enterprise Application Access (EAA) Connector cves: cve-2021-4104: investigated: false @@ -2300,7 +2339,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2312,14 +2351,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kafka.apache.org/cve-list - notes: The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, - not v2. + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Apache - product: Kafka + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Integration Connector cves: cve-2021-4104: investigated: false @@ -2328,9 +2366,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - <1.7.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2343,13 +2381,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html - notes: Only vulnerable in certain configuration(s) + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 + and CVE-2021-45105. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Log4j + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Splunk Connector cves: cve-2021-4104: investigated: false @@ -2358,9 +2397,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.15.0 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - < 1.4.10 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2373,13 +2412,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html - notes: '' + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. + Although it includes the vulnerable Log4J component, it is not used by the connector. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Solr + last_updated: '2021-12-15T00:00:00' + - vendor: Alcatel + product: All cves: cve-2021-4104: investigated: false @@ -2387,11 +2427,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 7.4.0 to 7.7.3 - - 8.0.0 to 8.11.0 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -2404,13 +2442,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 - notes: Update to 8.11.1 or apply fixes as described in Solr security advisory + - https://dokuwiki.alu4u.com/doku.php?id=log4j + notes: '' references: - - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' - last_updated: '2021-12-16T00:00:00' - - vendor: Apache - product: Struts 2 + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alertus + product: Console cves: cve-2021-4104: investigated: false @@ -2418,10 +2456,4163 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - Versions before 2.5.28.1 - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - 5.15.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alexion + product: Alexion CRM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alfresco + product: Alfresco + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AlienVault + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: AmiSconnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Custo Diagnostics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '5.4' + - '5.6' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: JiveX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Zorgbericht + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Work in progress, portion of customers may still be vulnerable. Actively + monitoring this issue, and are working on addressing it for any AMS services + which use Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: API Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena JDBC Driver + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: All versions vended to customers were not affected. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Linux 1 + - '2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated + in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). + AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 + and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS AppFlow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS AppSync + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager Private CA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS CloudHSM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 3.4.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodeBuild + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodePipeline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Vendors recommend evaluating components of the environment outside of the + Amazon Connect service boundary, which may require separate/additional customer + mitigation. + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS Directory Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS DynamoDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ECS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS EKS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Elastic Beanstalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Default configuration of applications usage of Log4j versions is not vulnerable. + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ElastiCache + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ELB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Fargate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available + as platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Has been updated. Vulnerable only if ETL jobs load affected versions of + Apache Log4j. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Greengrass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure + Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, + an update for the Stream Manager feature is included in Greengrass patch versions + 1.10.5 and 1.11.5. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Inspector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS IoT SiteWise Edge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all AWS IoT SiteWise Edge components that use Log4j were made + available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher + (v2.0.2). + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS Kinesis Data Streams + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: We are actively patching all sub-systems that use Log4j2 by applying updates. + The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library + (KPL) are not impacted. For customers using KCL 1.x, we have released an updated + version and we strongly recommend that all KCL version 1.x customers upgrade + to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are + not vulnerable. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS KMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Lambda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Vulnerable when using aws-lambda-java-log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Polly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS QuickSight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS RDS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified + in CVE-2021-44228. + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS S3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Secrets Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Service Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS SNS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon SNS systems that serve customer traffic are patched against the + Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate + separately from SNS’s systems that serve customer traffic. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SQS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Textract + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Chime + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon Chime and Chime SDK services have been updated to mitigate the issues + identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cloud Directory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: CloudFront + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: CloudWatch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cognito + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Corretto + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: 10/19 release distribution does not include Log4j. Vulnerable only if customers + applications use affected versions of Apache Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: DocumentDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EC2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux + 2022 is affected. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: ECR Public + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon-owned images published under a Verified Account on Amazon ECR Public + are not affected by the Log4j issue. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Elastic Load Balancing + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Services have been updated. All Elastic Load Balancers, as well as Classic, + Application, Network and Gateway, are not affected by this Log4j issue. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: EMR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Many customers are estimated to be vulnerable. Vulnerable only if affected + EMR releases are used and untrusted sources are configured to be processed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EventBridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Fraud Detector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector Classic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kafka (MSK) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Applying updates as required, portion of customers may still be vulnerable. + Some MSK-specific service components use Log4j > 2.0.0 library and are being + patched where needed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kendra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Keyspaces (for Apache Cassandra) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis Data Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lake Formation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Update in progress, portion of customers may still be vulnerable. AWS Lake + Formation service hosts are being updated to the latest version of Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Linux (AL1) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM + layer issue is available. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Linux (AL2) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: By default not vulnerable, and a new version of Amazon Kinesis Agent which + is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j + issue in JVM layer is available. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lookout for Equipment + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Macie + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Macie Classic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Managed Workflows for Apache Airflow (MWAA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: MemoryDB for Redis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Monitron + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: MQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Neptune + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: NICE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Recommended to update EnginFrame or Log4j library. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: OpenSearch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - R20211203-P2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Update released, customers need to update their clusters to the fixed release. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Pinpoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: RDS Aurora + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: RDS for Oracle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Redshift + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Rekognition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Route 53 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: SageMaker + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable + only if customers applications use affected versions of Apache Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Notification Service (SNS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Systems that serve customer traffic are patched against the Log4j2 issue. + Working to apply the patch to sub-systems that operate separately from SNSs + systems that serve customer traffic. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Queue Service (SQS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Workflow Service (SWF) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Single Sign-On + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Step Functions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Timestream + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Translate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/translate/ + notes: Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: VPC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: WorkSpaces/AppStream 2.0 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Not affected with default configurations. WorkDocs Sync client versions + 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, + are vulnerable; For update instruction, see source for more info. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AMD + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + notes: Currently, no AMD products have been identified as affected. AMD is continuing + its analysis. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Anaconda + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 4.10.3 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.conda.io/projects/conda/en/latest/index.html + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: AOMEI + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: ActiveMQ Artemis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://activemq.apache.org/news/cve-2021-44228 + notes: ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 + is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). + Although this version of Log4j is not impacted by CVE-2021-44228 future versions + of Artemis will be updated so that the Log4j jar is no longer included in the + web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) + for more information on that task. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: Airflow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Airflow is written in Python + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Archiva + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.2.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.2.6. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Camel + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: Apache Camel does not directly depend on Log4j 2, so we are not affected + by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own + applications, make sure to upgrade.Apache Camel does use log4j during testing + itself, and therefore you can find that we have been using log4j v2.13.3 release + in our latest LTS releases Camel 3.7.6, 3.11.4. + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel 2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel JBang + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <=3.1.4 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel K + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Kafka Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Karaf + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release + with updated log4j. + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Quarkus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Cassandra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Druid + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 0.22.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/apache/druid/releases/tag/druid-0.22.1 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Dubbo + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/apache/dubbo/issues/9380 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Flink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.15.0 + - 1.14.2 + - 1.13.5 + - 1.12.7 + - 1.11.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://flink.apache.org/2021/12/10/log4j-cve.html + notes: To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, + which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped + because CVE-2021-45046 was discovered during the release publication. The new + 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j + to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. + references: + - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Fortress + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 2.0.7 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.0.7. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Geode + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.14.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.12.6, 1.13.5, 1.14.1. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Guacamole + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Hadoop + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: HBase + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Hive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: James + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.6.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Jena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 4.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JMeter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JSPWiki + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.11.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Kafka + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kafka.apache.org/cve-list + notes: Uses Log4j 1.2.17. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Log4j 1.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logging.apache.org/log4j/2.x/security.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Log4j 2.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.17.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logging.apache.org/log4j/2.x/security.html + notes: Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: NiFi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: OFBiz + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 18.12.03 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Ozone + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.2.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: SkyWalking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 8.9.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: SOLR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 7.4.0 to 7.7.3 + - 8.0.0 to 8.11.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 + notes: Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several + configurations. + references: + - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' + last_updated: '2021-12-16T00:00:00' + - vendor: Apache + product: Spark + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Uses log4j 1.x + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.5.28 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts 2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Versions before 2.5.28.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2436,14 +6627,983 @@ software: vendor_links: - https://struts.apache.org/announce-2021 notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is - available as a “General Availability” release. The GA designation is our highest + available as a General Availability release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). references: - - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: Tomcat + - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: Tapestry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.7.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tika + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.0.0 and up + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tomcat + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tomcat.apache.org/security-9.html + notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications + deployed on Apache Tomcat may have a dependency on log4j. You should seek support + from the application vendor in this instance. It is possible to configure Apache + Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit + configuration and the addition of the log4j 2.x library. Anyone who has switched + Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. + In most cases, disabling the problematic feature will be the simplest solution. + Exactly how to do that depends on the exact version of log4j 2.x being used. + Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: TrafficControl + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: ZooKeeper + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: APC by Schneider Electric + product: Powerchute Business Edition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v9.5 + - v10.0.1 + - v10.0.2 + - v10.0.3 + - v10.0.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: APC by Schneider Electric + product: Powerchute Network Shutdown + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.2' + - '4.3' + - '4.4' + - 4.4.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Apereo + product: CAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 6.3.x + - 6.4.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apereo.github.io/2021/12/11/log4j-vuln/ + notes: Other versions still in active maintainance might need manual inspection. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apereo + product: Opencast + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 9.10 + - < 10.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apigee + product: Edge and OPDK products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.apigee.com/incidents/3cgzb0q2r10p + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apollo + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.apollographql.com/t/log4j-vulnerability/2214 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appdynamics + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appeon + product: PowerBuilder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Appeon PowerBuilder 2017-2021 regardless of product edition + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: AppGate + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appian + product: Appian Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Application Performance Ltd + product: DBMarlin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: APPSHEET + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aptible + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Search 5.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aqua Security + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arbiter Systems + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arbiter.com/news/index.php?id=4403 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: ARC Informatique + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + notes: '' + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Arca Noae + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arcserve + product: Arcserve Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve Continuous Availability + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve Email Archiving + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve UDP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 6.5-8.3 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: ShadowProtect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: ShadowXafe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Solo + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: StorageCraft OneXafe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: ArcticWolf + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://arcticwolf.com/resources/blog/log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arduino + product: IDE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.8.17 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ariba + product: All cves: cve-2021-4104: investigated: false @@ -2452,8 +7612,37 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Analytics Node for Converged Cloud Fabric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true affected_versions: - - 9.0.x + - '>7.0.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2467,21 +7656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tomcat.apache.org/security-9.html - notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications - deployed on Apache Tomcat may have a dependency on log4j. You should seek support - from the application vendor in this instance. It is possible to configure Apache - Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit - configuration and the addition of the log4j 2.x library. Anyone who has switched - Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. - In most cases, disabling the problematic feature will be the simplest solution. - Exactly how to do that depends on the exact version of log4j 2.x being used. - Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Apereo - product: CAS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Analytics Node for DANZ Monitoring Fabric cves: cve-2021-4104: investigated: false @@ -2491,7 +7672,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 6.3.x & 6.4.x + - '>7.0.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2505,13 +7686,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://apereo.github.io/2021/12/11/log4j-vuln/ - notes: '' + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Monitoring Fabric references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apereo - product: Opencast + - vendor: Arista + product: CloudVision Portal cves: cve-2021-4104: investigated: false @@ -2521,8 +7702,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 9.10 - - < 10.6 + - '>2019.1.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2536,13 +7716,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Application Performance Ltd - product: DBMarlin + - vendor: Arista + product: CloudVision Wi-Fi, virtual or physical appliance cves: cve-2021-4104: investigated: false @@ -2550,11 +7730,71 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - '>8.8' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Embedded Analytics for Converged Cloud Fabric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true affected_versions: - - Not Affected + - '>5.3.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: AirWave Management Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2565,13 +7805,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Apigee - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Analytics and Location Engine cves: cve-2021-4104: investigated: false @@ -2579,10 +7820,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS SD-WAN Gateways + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2594,13 +7866,73 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.apigee.com/incidents/3cgzb0q2r10p + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apollo - product: '' + - vendor: Aruba Networks + product: ArubaOS Wi-Fi Controllers and Gateways + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS-CX Switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS-S Switches cves: cve-2021-4104: investigated: false @@ -2608,10 +7940,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Central + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2623,13 +7986,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.apollographql.com/t/log4j-vulnerability/2214 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appdynamics - product: '' + - vendor: Aruba Networks + product: Central On-Prem cves: cve-2021-4104: investigated: false @@ -2637,10 +8000,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2652,13 +8016,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appeon - product: PowerBuilder + - vendor: Aruba Networks + product: ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -2667,10 +8031,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Appeon PowerBuilder 2017-2021 regardless of product edition + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2681,13 +8045,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: AppGate - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: EdgeConnect cves: cve-2021-4104: investigated: false @@ -2695,10 +8060,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2710,13 +8076,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appian - product: Appian Platform + - vendor: Aruba Networks + product: Fabric Composer (AFC) cves: cve-2021-4104: investigated: false @@ -2726,9 +8092,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2740,13 +8106,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Application Performance Ltd - product: DBMarlin + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: HP ProCurve Switches cves: cve-2021-4104: investigated: false @@ -2754,10 +8120,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2769,13 +8136,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APPSHEET - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant cves: cve-2021-4104: investigated: false @@ -2783,10 +8150,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2798,13 +8166,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aptible - product: Aptible + - vendor: Aruba Networks + product: Instant Access Points cves: cve-2021-4104: investigated: false @@ -2813,10 +8181,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ElasticSearch 5.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2828,13 +8196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: APC by Schneider Electric - product: Powerchute Business Edition + - vendor: Aruba Networks + product: Instant On cves: cve-2021-4104: investigated: false @@ -2844,13 +8212,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - v9.5 - - v10.0.1 - - v10.0.2 - - v10.0.3 - - v10.0.4 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2862,13 +8226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APC by Schneider Electric - product: Powerchute Network Shutdown + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: IntroSpect cves: cve-2021-4104: investigated: false @@ -2879,10 +8243,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.2' - - '4.3' - - '4.4' - - 4.4.1 + - Versions 2.5.0.0 to 2.5.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2895,13 +8256,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Aqua Security - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy GMS Products cves: cve-2021-4104: investigated: false @@ -2909,9 +8270,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2924,13 +8286,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arbiter Systems - product: All + - vendor: Aruba Networks + product: Legacy NX cves: cve-2021-4104: investigated: false @@ -2938,10 +8300,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2953,13 +8316,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arbiter.com/news/index.php?id=4403 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: ARC Informatique - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VRX cves: cve-2021-4104: investigated: false @@ -2970,7 +8333,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2982,13 +8346,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Arca Noae - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VX cves: cve-2021-4104: investigated: false @@ -2996,10 +8360,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3011,13 +8376,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/ + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arcserve - product: Arcserve Backup + - vendor: Aruba Networks + product: NetEdit cves: cve-2021-4104: investigated: false @@ -3029,7 +8394,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3041,13 +8406,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve Continuous Availability + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Plexxi Composable Fabric Manager (CFM) cves: cve-2021-4104: investigated: false @@ -3059,7 +8424,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3071,13 +8436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve Email Archiving + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Silver Peak Orchestrator cves: cve-2021-4104: investigated: false @@ -3087,9 +8452,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3101,13 +8466,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve UDP + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -3119,7 +8484,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 6.5-8.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3131,13 +8496,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: ShadowProtect + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: VIA Clients cves: cve-2021-4104: investigated: false @@ -3149,7 +8514,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3161,13 +8526,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: ShadowXafe + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ataccama + product: All cves: cve-2021-4104: investigated: false @@ -3175,11 +8540,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3191,13 +8555,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Solo + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atera + product: All cves: cve-2021-4104: investigated: false @@ -3205,11 +8569,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3221,13 +8584,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/ notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: StorageCraft OneXafe + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Bamboo Server & Data Center cves: cve-2021-4104: investigated: false @@ -3236,10 +8599,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On Prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3251,13 +8614,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: Only vulnerable when using non-default config, cloud version fixed. references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: ArcticWolf - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Bitbucket Server & Data Center cves: cve-2021-4104: investigated: false @@ -3265,9 +8628,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - On prem unaffected_versions: [] cve-2021-45046: investigated: false @@ -3280,13 +8644,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://arcticwolf.com/resources/blog/log4j - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: This product is not vulnerable to remote code execution but may leak information + due to the bundled Elasticsearch component being vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arduino - product: '' + - vendor: Atlassian + product: Confluence Server & Data Center cves: cve-2021-4104: investigated: false @@ -3294,8 +8659,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3309,13 +8675,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: Only vulnerable when using non-default config, cloud version fixed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ariba - product: '' + - vendor: Atlassian + product: Confluence-CIS CSAT Pro cves: cve-2021-4104: investigated: false @@ -3323,8 +8689,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v1.7.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3338,13 +8705,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arista - product: '' + - vendor: Atlassian + product: Confluence-CIS WorkBench cves: cve-2021-4104: investigated: false @@ -3352,10 +8719,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3367,13 +8735,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aruba Networks - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Lite cves: cve-2021-4104: investigated: false @@ -3381,8 +8749,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3396,13 +8765,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ataccama - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable cves: cve-2021-4104: investigated: false @@ -3410,8 +8779,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v3.0.77 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3425,13 +8795,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Atera - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v4 cves: cve-2021-4104: investigated: false @@ -3439,8 +8809,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3454,13 +8825,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/ + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Bamboo Server & Data Center + product: Confluence-CIS-CAT Pro Assessor v4 Service cves: cve-2021-4104: investigated: false @@ -3469,10 +8840,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - v1.13.0 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3485,13 +8856,12 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Bitbucket Server & Data Center + product: Confluence-CIS-CAT Pro Dashboard cves: cve-2021-4104: investigated: false @@ -3500,10 +8870,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3516,13 +8886,12 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product is not vulnerable to remote code execution but may leak information - due to the bundled Elasticsearch component being vulnerable. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Confluence Server & Data Center + product: Confluence-CIS-Hosted CSAT cves: cve-2021-4104: investigated: false @@ -3534,7 +8903,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3547,8 +8916,7 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -3562,10 +8930,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3593,10 +8961,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3624,10 +8992,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3655,10 +9023,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3676,8 +9044,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Attivo networks - product: '' + - vendor: Attivo Networks + product: All cves: cve-2021-4104: investigated: false @@ -3718,7 +9086,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -3731,12 +9099,14 @@ software: unaffected_versions: [] vendor_links: - https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen - notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. + notes: The security vulnerability does NOT affect our applications and products + or pose any threat. This applies to all Bachmann applications and products, + including atvise solutions. references: - '' last_updated: '2022-01-17T00:00:00' - vendor: AudioCodes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3765,7 +9135,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autodesk - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3800,8 +9170,102 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: Automation Anywhere + product: Automation 360 Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automation Anywhere + product: Automation 360 On Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automation Anywhere + product: Automation Anywhere + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 11.x + - <11.3x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Automox - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3830,7 +9294,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autopsy - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3859,7 +9323,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Auvik - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3888,7 +9352,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Avantra SYSLINK - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3951,7 +9415,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura for OneCloud Private + product: Avaya Aura Application Enablement Services cves: cve-2021-4104: investigated: false @@ -3959,8 +9423,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.1.3.2 + - 8.1.3.3 + - '10.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3975,15 +9442,12 @@ software: unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: Avaya is scanning and monitoring its OneCloud Private environments as part - of its management activities. Avaya will continue to monitor this fluid situation - and remediations will be made as patches become available, in accordance with - appropriate change processes. + notes: '' references: - - '' + - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Application Enablement Services + product: Avaya Aura Contact Center cves: cve-2021-4104: investigated: false @@ -3993,9 +9457,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.1.3.2 - - 8.1.3.3 - - '10.1' + - 7.0.2 + - 7.0.3 + - '7.1' + - 7.1.1 + - 7.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4012,10 +9478,10 @@ software: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' + - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Contact Center + product: Avaya Aura Device Services cves: cve-2021-4104: investigated: false @@ -4025,11 +9491,13 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.0.2 - - 7.0.3 - - '7.1' - - 7.1.1 - - 7.1.2 + - '8' + - 8.0.1 + - 8.0.2 + - '8.1' + - 8.1.3 + - 8.1.4 + - 8.1.5 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4049,7 +9517,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura for OneCloud Private cves: cve-2021-4104: investigated: false @@ -4059,10 +9527,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '8' - - '8.1' - - 8.1.4 - - 8.1.5 + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4077,12 +9542,15 @@ software: unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + notes: Avaya is scanning and monitoring its OneCloud Private environments as part + of its management activities. Avaya will continue to monitor this fluid situation + and remediations will be made as patches become available, in accordance with + appropriate change processes. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Media Server + product: Avaya Aura Media Server cves: cve-2021-4104: investigated: false @@ -4114,7 +9582,7 @@ software: - '[PSN020549u](https://download.avaya.com/css/secure/documents/101079316)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Presence Services + product: Avaya Aura Presence Services cves: cve-2021-4104: investigated: false @@ -4153,7 +9621,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Session Manager + product: Avaya Aura Session Manager cves: cve-2021-4104: investigated: false @@ -4190,7 +9658,7 @@ software: - '[PSN020550u](https://download.avaya.com/css/public/documents/101079384)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® System Manager + product: Avaya Aura System Manager cves: cve-2021-4104: investigated: false @@ -4221,7 +9689,7 @@ software: - '[PSN005565u](https://download.avaya.com/css/secure/documents/101079390)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Web Gateway + product: Avaya Aura Web Gateway cves: cve-2021-4104: investigated: false @@ -4234,7 +9702,7 @@ software: - 3.11[P] - 3.8.1[P] - 3.8[P] - - 3.9.1 [P] + - 3.9.1[P] - 3.9[P] fixed_versions: [] unaffected_versions: [] @@ -4255,7 +9723,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Breeze™ + product: Avaya Breeze cves: cve-2021-4104: investigated: false @@ -4413,7 +9881,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya one cloud private -UCaaS - Mid Market Aura + product: Avaya OneCloud-Private cves: cve-2021-4104: investigated: false @@ -4423,7 +9891,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '1' + - '2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4443,7 +9911,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya OneCloud-Private + product: Avaya OneCloud-Private-UCaaS - Mid Market Aura cves: cve-2021-4104: investigated: false @@ -4453,7 +9921,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2' + - '1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4515,8 +9983,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4691,7 +10160,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Equinox™ Conferencing + product: Equinox Conferencing cves: cve-2021-4104: investigated: false @@ -4751,7 +10220,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: IP Office™ Platform + product: IP Office Platform cves: cve-2021-4104: investigated: false @@ -4816,40 +10285,8 @@ software: references: - '' last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Device Services - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 8.0.1 - - 8.0.2 - - 8.1.3 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' - references: - - '' - last_updated: '2021-12-14T00:00:00' - vendor: AVEPOINT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4878,7 +10315,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AVM - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4886,10 +10323,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4902,12 +10340,12 @@ software: unaffected_versions: [] vendor_links: - https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C - notes: '' + notes: devices, firmware, software incl. MyFritz Service. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AvTech RoomAlert - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4935,8 +10373,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AWS New - product: '' + - vendor: AXIS + product: OS cves: cve-2021-4104: investigated: false @@ -4944,10 +10382,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4959,13 +10398,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://help.axis.com/axis-os notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXON - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4994,7 +10433,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXS Guard - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5023,7 +10462,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Axways Applications - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 5a00349..560395b 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -13,10 +13,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33,8 +34,8 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Baxter - product: '' + - vendor: Backblaze + product: Cloud cves: cve-2021-4104: investigated: false @@ -42,9 +43,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -57,13 +59,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf - notes: '' + - https://help.backblaze.com/hc/en-us/articles/4412580603419 + notes: Cloud service patched. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BackBox - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92,7 +94,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Balbix - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -121,7 +123,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Baramundi Products - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -150,7 +152,157 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Barco - product: '' + product: Demetra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.barco.com/en/support/knowledge-base/kb12495 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: Demetra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.barco.com/en/support/knowledge-base/kb12495 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: Green Barco Wall Control Manager (gBCM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.barco.com/en/support/knowledge-base/kb12495 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: MediCal QAWeb + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.barco.com/en/support/knowledge-base/kb12495 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: NexxisOR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.barco.com/en/support/knowledge-base/kb12495 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: OpSpace cves: cve-2021-4104: investigated: false @@ -158,10 +310,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.8 - 1.9.4.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.barco.com/en/support/knowledge-base/kb12495 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: Transform N (TFN) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -179,7 +362,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Barracuda - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -207,8 +390,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BBraun - product: Outlook® Safety Infusion System Pump family + - vendor: Basis Technology + product: Autopsy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.18.0 onwards + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.autopsy.com/autopsy-and-log4j-vulnerability/ + notes: version 4.18.0 onwards use Apache Solr 8. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Baxter + product: All cves: cve-2021-4104: investigated: false @@ -231,14 +444,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® - Space® Infusion + product: APEX® Compounder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software cves: cve-2021-4104: investigated: false @@ -246,10 +488,2040 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Outlook® Safety Infusion System Pump family + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Pinnacle® Compounder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Pump, SpaceStation, and Space® Wireless Battery) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® + Space® Infusion + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: BD + product: Arctic Sun™ Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Diabetes Care App Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Clinical Advisor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Data Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Diversion Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Infection Advisor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Inventory Optimization Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Medication Safety + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Knowledge Portal for BD Pyxis™ Supply + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Knowledge Portal for Infusion Technologies + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Knowledge Portal for Medication Technologies + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Synapsys™ Informatics Solution + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Veritor™ COVID At Home Solution Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Beckman Coulter + product: Access 2 (Immunoassay System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T 5diff (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T Family (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU2700 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU480 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5400 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5800 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU640 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU680 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1250 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2500 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2550 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 Fit (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 520 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 560 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 690T (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 800 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS II (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM Autoplak (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1096 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied. + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Inventory Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Workflow Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxU Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUc (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX AL (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iChemVELOCITY (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Intelligent Sample Banking ISB (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ200 (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter + (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidemaker (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidestraine (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH750 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH780 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH785 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -261,13 +2533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: Pump, SpaceStation, and Space® Wireless Battery) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: MicroScan autoSCAN-4 (Microbiology) cves: cve-2021-4104: investigated: false @@ -275,10 +2547,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -290,13 +2563,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7300 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -304,10 +2577,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -319,13 +2593,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: Pinnacle® Compounder + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7400 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -333,10 +2607,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -348,13 +2623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: APEX® Compounder + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Express (Lab Automation) cves: cve-2021-4104: investigated: false @@ -362,10 +2637,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -377,13 +2653,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Arctic Sun™ Analytics + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Link (Lab Automation) cves: cve-2021-4104: investigated: false @@ -391,10 +2667,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -406,13 +2683,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Diabetes Care App Cloud + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Processor (Lab Automation) cves: cve-2021-4104: investigated: false @@ -420,10 +2697,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -435,13 +2713,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Clinical Advisor + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PROService (Information Systems) cves: cve-2021-4104: investigated: false @@ -449,10 +2727,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -464,13 +2743,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Data Manager + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: RAP Box (Information Systems) cves: cve-2021-4104: investigated: false @@ -478,10 +2757,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -493,13 +2773,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Diversion Management + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: REMISOL ADVANCE (Information Systems) cves: cve-2021-4104: investigated: false @@ -507,10 +2787,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -522,13 +2803,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Infection Advisor + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Sorting Drive (Lab Automation) cves: cve-2021-4104: investigated: false @@ -536,10 +2817,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -551,13 +2833,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Inventory Optimization Analytics + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 600 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -565,10 +2847,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -580,13 +2863,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Medication Safety + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -594,10 +2877,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -609,13 +2893,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for Infusion Technologies + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 600 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -623,10 +2907,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -638,13 +2923,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for Medication Technologies + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 800 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -652,10 +2937,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -667,13 +2953,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for BD Pyxis™ Supply + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 plus (Microbiology) cves: cve-2021-4104: investigated: false @@ -681,10 +2967,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -696,13 +2983,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Synapsys™ Informatics Solution + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI (Microbiology) cves: cve-2021-4104: investigated: false @@ -710,10 +2997,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -725,13 +3013,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Veritor™ COVID At Home Solution Cloud + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 plus (Microbiology) cves: cve-2021-4104: investigated: false @@ -739,10 +3027,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -754,13 +3043,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: '' + product: WalkAway 96 SI (Microbiology) cves: cve-2021-4104: investigated: false @@ -768,10 +3057,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -787,7 +3077,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: Beijer Electronics product: acirro+ cves: @@ -1049,7 +3339,7 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: BioMerieux + - vendor: Bender product: '' cves: cve-2021-4104: @@ -1073,12 +3363,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.biomerieux.com/en/cybersecurity-data-privacy + - https://www.bender.de/en/cert notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Bender + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response + (RTIR) product: '' cves: cve-2021-4104: @@ -1102,14 +3393,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bender.de/en/cert + - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response - (RTIR) - product: '' + - vendor: BeyondTrust + product: Privilege Management Cloud cves: cve-2021-4104: investigated: false @@ -1117,9 +3407,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Unknown unaffected_versions: [] cve-2021-45046: investigated: false @@ -1132,13 +3423,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Privilege Management Cloud + product: Privilege Management Reporting in BeyondInsight cves: cve-2021-4104: investigated: false @@ -1149,7 +3440,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '21.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1168,7 +3459,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Privilege Management Reporting in BeyondInsight + product: Secure Remote Access appliances cves: cve-2021-4104: investigated: false @@ -1178,9 +3469,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '21.2' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -1197,8 +3488,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Secure Remote Access appliances + - vendor: BeyondTrust Bomgar + product: '' cves: cve-2021-4104: investigated: false @@ -1206,11 +3497,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1222,12 +3512,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust Bomgar + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BioMerieux product: '' cves: cve-2021-4104: @@ -1251,11 +3541,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 + - https://www.biomerieux.com/en/cybersecurity-data-privacy notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-22T00:00:00' - vendor: BisectHosting product: '' cves: @@ -2590,7 +4880,7 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Boston Scientific + - vendor: Bosch product: '' cves: cve-2021-4104: @@ -2614,12 +4904,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf + - https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Bosch + last_updated: '2021-12-22T00:00:00' + - vendor: Boston Scientific product: '' cves: cve-2021-4104: @@ -2643,11 +4933,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/ + - https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Box product: '' cves: @@ -4067,7 +6357,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Symantec Protection Engine (SPE) cves: @@ -4096,7 +6386,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Symantec Protection for SharePoint Servers (SPSS) cves: @@ -4125,7 +6415,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: VIP cves: @@ -4154,7 +6444,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: VIP Authentication Hub cves: @@ -4183,7 +6473,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Web Isolation (WI) cves: @@ -4212,7 +6502,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Web Security Service (WSS) cves: @@ -4241,7 +6531,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: WebPulse cves: @@ -4270,5 +6560,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index 648dacb..a17ca4c 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Campbell Scientific product: All cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Canary Labs product: All cves: @@ -121,7 +121,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: CT Medical Imaging Products + product: Canon DR Products CXDI_NE) cves: cve-2021-4104: investigated: false @@ -129,10 +129,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -145,12 +146,12 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' + notes: Such as Omnera, FlexPro, Soltus references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: MR Medical Imaging Products + product: CT Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -158,10 +159,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -177,9 +179,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: UL Medical Imaging Products + product: Eye-Care Products cves: cve-2021-4104: investigated: false @@ -187,10 +189,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -206,9 +209,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: XR Medical Imaging Products + product: MR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -216,10 +219,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -235,7 +239,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: NM Medical Imaging Products cves: @@ -245,10 +249,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: UL Medical Imaging Products + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -264,7 +299,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: Vitrea Advanced 7.x cves: @@ -274,8 +309,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -293,9 +329,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Infinix-i (Angio Workstation) + product: VL Alphenix Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -303,8 +339,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -322,9 +359,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Alphenix (Angio Workstation) + product: VL Infinix-i Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -332,10 +369,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: XR Medical Imaging Products + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -351,7 +419,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: CapStorm product: Copystorm cves: @@ -408,7 +476,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Carestream product: '' cves: @@ -466,7 +534,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CAS genesisWorld product: '' cves: @@ -495,7 +563,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cato Networks product: '' cves: @@ -524,7 +592,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cepheid product: C360 cves: @@ -611,7 +679,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Chaser Systems product: discrimiNAT Firewall cves: @@ -641,7 +709,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: CloudGuard cves: @@ -671,7 +739,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Harmony Endpoint & Harmony Mobile cves: @@ -701,7 +769,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Infinity Portal cves: @@ -730,7 +798,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Quantum Security Gateway cves: @@ -760,7 +828,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Quantum Security Management cves: @@ -791,7 +859,7 @@ software: this attack by default. references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: SMB cves: @@ -821,7 +889,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: ThreatCloud cves: @@ -850,7 +918,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CheckMK product: '' cves: @@ -879,7 +947,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ciphermail product: '' cves: @@ -908,7 +976,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CircleCI product: CircleCI cves: @@ -966,7 +1034,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: AppDynamics cves: @@ -995,67 +1063,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Common Services Platform Collector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Network Services Orchestrator (NSO) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco System Architecture Evolution Gateway (SAEGW) + product: Cisco ACI Multi-Site Orchestrator cves: cve-2021-4104: investigated: false @@ -1082,9 +1092,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco ACI Multi-Site Orchestrator + product: Cisco ACI Virtual Edge cves: cve-2021-4104: investigated: false @@ -1111,9 +1121,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco ACI Virtual Edge + product: Cisco Adaptive Security Appliance (ASA) Software cves: cve-2021-4104: investigated: false @@ -1140,9 +1150,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Adaptive Security Appliance (ASA) Software + product: Cisco Advanced Web Security Reporting Application cves: cve-2021-4104: investigated: false @@ -1169,9 +1179,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Advanced Web Security Reporting Application + product: Cisco AMP Virtual Private Cloud Appliance cves: cve-2021-4104: investigated: false @@ -1198,9 +1208,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco AMP Virtual Private Cloud Appliance + product: Cisco AnyConnect Secure Mobility Client cves: cve-2021-4104: investigated: false @@ -1227,9 +1237,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco AnyConnect Secure Mobility Client + product: Cisco Application Policy Infrastructure Controller (APIC) cves: cve-2021-4104: investigated: false @@ -1256,9 +1266,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Application Policy Infrastructure Controller (APIC) + product: Cisco ASR 5000 Series Routers cves: cve-2021-4104: investigated: false @@ -1285,9 +1295,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco ASR 5000 Series Routers + product: Cisco Broadcloud Calling cves: cve-2021-4104: investigated: false @@ -1314,9 +1324,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Broadcloud Calling + product: Cisco BroadWorks cves: cve-2021-4104: investigated: false @@ -1343,9 +1353,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco BroadWorks + product: Cisco Catalyst 9800 Series Wireless Controllers cves: cve-2021-4104: investigated: false @@ -1372,9 +1382,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Catalyst 9800 Series Wireless Controllers + product: Cisco CloudCenter Suite Admin cves: cve-2021-4104: investigated: false @@ -1401,9 +1411,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco CloudCenter Suite Admin + product: Cisco CloudCenter Workload Manager cves: cve-2021-4104: investigated: false @@ -1430,9 +1440,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco CloudCenter Workload Manager + product: Cisco Cognitive Intelligence cves: cve-2021-4104: investigated: false @@ -1459,9 +1469,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Cognitive Intelligence + product: Cisco Common Services Platform Collector cves: cve-2021-4104: investigated: false @@ -1488,7 +1498,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Computer Telephony Integration Object Server (CTIOS) cves: @@ -1517,7 +1527,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connected Grid Device Manager cves: @@ -1546,7 +1556,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connected Mobile Experiences cves: @@ -1575,7 +1585,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connectivity cves: @@ -1604,7 +1614,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Contact Center Domain Manager (CCDM) cves: @@ -1633,7 +1643,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Contact Center Management Portal (CCMP) cves: @@ -1662,7 +1672,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Crosswork Change Automation cves: @@ -1691,7 +1701,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco CX Cloud Agent Software cves: @@ -1720,7 +1730,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Data Center Network Manager (DCNM) cves: @@ -1749,7 +1759,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Defense Orchestrator cves: @@ -1778,7 +1788,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Assurance cves: @@ -1807,7 +1817,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Center cves: @@ -1836,7 +1846,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Spaces cves: @@ -1865,35 +1875,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: DUO network gateway (on-prem/self-hosted) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Elastic Services Controller (ESC) cves: @@ -1922,7 +1904,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Emergency Responder cves: @@ -1951,7 +1933,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Enterprise Chat and Email cves: @@ -1980,7 +1962,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Enterprise NFV Infrastructure Software (NFVIS) cves: @@ -2009,7 +1991,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Evolved Programmable Network Manager cves: @@ -2038,7 +2020,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Extensible Network Controller (XNC) cves: @@ -2067,7 +2049,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Finesse cves: @@ -2096,7 +2078,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Firepower Management Center cves: @@ -2125,7 +2107,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Firepower Threat Defense (FTD) cves: @@ -2154,7 +2136,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco GGSN Gateway GPRS Support Node cves: @@ -2183,7 +2165,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco HyperFlex System cves: @@ -2212,7 +2194,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Identity Services Engine (ISE) cves: @@ -2241,7 +2223,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Integrated Management Controller (IMC) Supervisor cves: @@ -2270,7 +2252,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Intersight cves: @@ -2299,7 +2281,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Intersight Virtual Appliance cves: @@ -2328,7 +2310,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IOS and IOS XE Software cves: @@ -2357,7 +2339,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IoT Field Network Director (formerly Cisco Connected Grid Network Management System) @@ -2387,7 +2369,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IoT Operations Dashboard cves: @@ -2416,7 +2398,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IOx Fog Director cves: @@ -2445,7 +2427,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IP Services Gateway (IPSG) cves: @@ -2474,7 +2456,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Kinetic for Cities cves: @@ -2503,7 +2485,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco MDS 9000 Series Multilayer Switches cves: @@ -2532,7 +2514,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Meeting Server cves: @@ -2561,7 +2543,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco MME Mobility Management Entity cves: @@ -2590,7 +2572,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Modeling Labs cves: @@ -2619,7 +2601,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Assessment (CNA) Tool cves: @@ -2648,7 +2630,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Assurance Engine cves: @@ -2677,7 +2659,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Convergence System 2000 Series cves: @@ -2706,7 +2688,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Planner cves: @@ -2735,7 +2717,36 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Network Services Orchestrator (NSO) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 5500 Platform Switches cves: @@ -2764,7 +2775,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 5600 Platform Switches cves: @@ -2793,7 +2804,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 6000 Series Switches cves: @@ -2822,7 +2833,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 7000 Series Switches cves: @@ -2851,7 +2862,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode @@ -2881,7 +2892,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Dashboard (formerly Cisco Application Services Engine) cves: @@ -2910,7 +2921,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Data Broker cves: @@ -2939,7 +2950,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Insights cves: @@ -2968,7 +2979,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Optical Network Planner cves: @@ -2997,7 +3008,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Packaged Contact Center Enterprise cves: @@ -3026,9 +3037,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Paging Server (InformaCast) + product: Cisco Paging Server cves: cve-2021-4104: investigated: false @@ -3055,9 +3066,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Paging Server + product: Cisco Paging Server (InformaCast) cves: cve-2021-4104: investigated: false @@ -3084,7 +3095,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco PDSN/HA Packet Data Serving Node and Home Agent cves: @@ -3113,7 +3124,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco PGW Packet Data Network Gateway cves: @@ -3142,7 +3153,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Policy Suite cves: @@ -3171,7 +3182,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Central for Service Providers cves: @@ -3200,7 +3211,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Collaboration Manager cves: @@ -3229,7 +3240,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Collaboration Provisioning cves: @@ -3258,7 +3269,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Infrastructure cves: @@ -3287,7 +3298,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime License Manager cves: @@ -3316,7 +3327,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Network cves: @@ -3345,7 +3356,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Optical for Service Providers cves: @@ -3374,7 +3385,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Provisioning cves: @@ -3403,7 +3414,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Service Catalog cves: @@ -3432,7 +3443,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Registered Envelope Service cves: @@ -3461,7 +3472,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 1000 Series Routers cves: @@ -3490,7 +3501,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 2000 Series Routers cves: @@ -3519,7 +3530,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 5000 Series Routers cves: @@ -3548,7 +3559,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge Cloud Router Platform cves: @@ -3577,7 +3588,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vManage cves: @@ -3606,7 +3617,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Secure Network Analytics (SNA), formerly Stealthwatch cves: @@ -3635,7 +3646,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SocialMiner cves: @@ -3664,9 +3675,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco TelePresence Management Suite + product: Cisco System Architecture Evolution Gateway (SAEGW) cves: cve-2021-4104: investigated: false @@ -3693,9 +3704,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco UCS Director + product: Cisco TelePresence Management Suite cves: cve-2021-4104: investigated: false @@ -3722,9 +3733,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco UCS Performance Manager + product: Cisco UCS Director cves: cve-2021-4104: investigated: false @@ -3751,7 +3762,36 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco UCS Performance Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Umbrella cves: @@ -3780,7 +3820,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Advanced cves: @@ -3809,7 +3849,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Business Edition cves: @@ -3838,7 +3878,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Department Edition cves: @@ -3867,7 +3907,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Enterprise Edition cves: @@ -3896,7 +3936,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Premium Edition cves: @@ -3925,7 +3965,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Communications Manager Cloud cves: @@ -3954,9 +3994,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Enterprise - Live Data server + product: Cisco Unified Contact Center Enterprise cves: cve-2021-4104: investigated: false @@ -3983,9 +4023,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Enterprise + product: Cisco Unified Contact Center Enterprise - Live Data server cves: cve-2021-4104: investigated: false @@ -4012,7 +4052,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Contact Center Express cves: @@ -4041,7 +4081,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Intelligent Contact Management Enterprise cves: @@ -4070,7 +4110,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified SIP Proxy Software cves: @@ -4099,7 +4139,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Video Surveillance Operations Manager cves: @@ -4128,7 +4168,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM cves: @@ -4157,7 +4197,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Virtualized Voice Browser cves: @@ -4186,7 +4226,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Vision Dynamic Signage Director cves: @@ -4215,7 +4255,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco WAN Automation Engine (WAE) cves: @@ -4244,7 +4284,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Web Security Appliance (WSA) cves: @@ -4273,7 +4313,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Cloud-Connected UC (CCUC) cves: @@ -4302,7 +4342,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Meetings Server cves: @@ -4331,7 +4371,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Teams cves: @@ -4360,7 +4400,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Wide Area Application Services (WAAS) cves: @@ -4389,7 +4429,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Duo cves: @@ -4418,7 +4458,35 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: DUO network gateway (on-prem/self-hosted) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: duo network gateway (on-prem/self-hosted) cves: @@ -4446,7 +4514,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Exony Virtualized Interaction Manager (VIM) cves: @@ -4475,7 +4543,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Managed Services Accelerator (MSX) Network Access Control Service cves: @@ -4504,7 +4572,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Citrix product: Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) cves: @@ -4520,22 +4588,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4554,22 +4620,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4582,27 +4646,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4615,32 +4678,31 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for + product: Citrix Content Collaboration (ShareFile Integration)–Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: @@ -4649,27 +4711,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4682,31 +4743,32 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP3 + - 10.13 RP6 + - 10.12 RP11 unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised - to apply the latest CEM rolling patch updates listed below as soon as possible - to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); - [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); - and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). - Note: Customers who have upgraded their XenMobile Server to the updated versions - are recommended not to apply the responder policy mentioned in the blog listed - below to the Citrix ADC vserver in front of the XenMobile Server as it may impact - the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4719,27 +4781,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4752,27 +4813,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4791,27 +4851,25 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: ShareFile Storage Zones Controller + product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) cves: cve-2021-4104: investigated: false @@ -4819,32 +4877,31 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) + product: Citrix Workspace App cves: cve-2021-4104: investigated: false @@ -4852,35 +4909,31 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Workspace App + product: ShareFile Storage Zones Controller cves: cve-2021-4104: investigated: false @@ -4894,22 +4947,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4941,7 +4992,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: AM2CM Tool cves: @@ -4970,7 +5021,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Ambari cves: @@ -5001,7 +5052,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Arcadia Enterprise cves: @@ -5031,7 +5082,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDH, HDP, and HDF cves: @@ -5061,7 +5112,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDP Operational Database (COD) cves: @@ -5090,7 +5141,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDP Private Cloud Base cves: @@ -5120,7 +5171,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDS 3 Powered by Apache Spark cves: @@ -5150,7 +5201,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDS 3.2 for GPUs cves: @@ -5180,7 +5231,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Cybersecurity Platform cves: @@ -5210,7 +5261,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Engineering (CDE) cves: @@ -5239,7 +5290,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Engineering (CDE) cves: @@ -5269,7 +5320,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Flow (CFM) cves: @@ -5298,7 +5349,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Science Workbench (CDSW) cves: @@ -5329,7 +5380,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Visualization (CDV) cves: @@ -5358,7 +5409,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Warehouse (CDW) cves: @@ -5387,7 +5438,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Warehouse (CDW) cves: @@ -5417,7 +5468,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera DataFlow (CDF) cves: @@ -5446,7 +5497,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Edge Management (CEM) cves: @@ -5476,7 +5527,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Enterprise cves: @@ -5506,7 +5557,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Flow Management (CFM) cves: @@ -5536,7 +5587,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Machine Learning (CML) cves: @@ -5565,7 +5616,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Machine Learning (CML) cves: @@ -5595,7 +5646,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) @@ -5626,7 +5677,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) @@ -5659,7 +5710,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR)) cves: @@ -5688,7 +5739,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) cves: @@ -5720,7 +5771,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Stream Processing (CSP) cves: @@ -5750,7 +5801,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Streaming Analytics (CSA) cves: @@ -5779,7 +5830,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Streaming Analytics (CSA) cves: @@ -5808,7 +5859,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Analytics Studio (DAS) cves: @@ -5837,7 +5888,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Catalog cves: @@ -5866,7 +5917,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Lifecycle Manager (DLM) cves: @@ -5895,7 +5946,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Steward Studio (DSS) cves: @@ -5925,7 +5976,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks Data Flow (HDF) cves: @@ -5954,7 +6005,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks Data Platform (HDP) cves: @@ -5986,7 +6037,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks DataPlane Platform cves: @@ -6015,7 +6066,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Management Console cves: @@ -6045,7 +6096,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Management Console for CDP Public Cloud cves: @@ -6074,7 +6125,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Replication Manager cves: @@ -6103,7 +6154,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: SmartSense cves: @@ -6132,7 +6183,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Workload Manager cves: @@ -6161,9 +6212,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Workload XM (SaaS) + product: Workload XM cves: cve-2021-4104: investigated: false @@ -6171,8 +6222,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6190,9 +6242,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Workload XM + product: Workload XM (SaaS) cves: cve-2021-4104: investigated: false @@ -6200,9 +6252,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6220,7 +6271,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CloudFlare product: '' cves: @@ -6249,7 +6300,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudian HyperStore product: '' cves: @@ -6278,7 +6329,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudogu product: Ecosystem cves: @@ -6308,7 +6359,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudogu product: SCM-Manager cves: @@ -6337,7 +6388,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudron product: '' cves: @@ -6366,7 +6417,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Clover product: '' cves: @@ -6395,7 +6446,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Code42 product: Code42 App cves: @@ -6438,8 +6489,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '8.8' - - possibly prior versions + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -6453,10 +6503,10 @@ software: unaffected_versions: [] vendor_links: - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates - notes: I think, they don't specify in the notice, but we know that they released - an updated Crashplan client. Possibly prior versions affected. + notes: The CrashPlan app is EOL and is now called Code42. If you detect CrashPlan + installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer. references: - - '' + - '[https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/)' last_updated: '2021-12-16T00:00:00' - vendor: CodeBeamer product: '' @@ -6486,7 +6536,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Codesys product: '' cves: @@ -6515,7 +6565,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cohesity product: '' cves: @@ -6544,7 +6594,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CommVault product: '' cves: @@ -6573,7 +6623,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Concourse product: Concourse cves: @@ -6602,7 +6652,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ConcreteCMS.com product: '' cves: @@ -6631,7 +6681,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Confluent product: Confluent Cloud cves: @@ -6663,7 +6713,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Platform + product: Confluent ElasticSearch Sink Connector cves: cve-2021-4104: investigated: false @@ -6673,7 +6723,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <7.0.1 + - <11.1.7 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6723,7 +6773,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Kafka Connectors + product: Confluent Google DataProc Sink Connector cves: cve-2021-4104: investigated: false @@ -6732,10 +6782,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.1.5 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6753,7 +6803,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent ElasticSearch Sink Connector + product: Confluent HDFS 2 Sink Connector cves: cve-2021-4104: investigated: false @@ -6763,7 +6813,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <11.1.7 + - <10.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6783,7 +6833,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Google DataProc Sink Connector + product: Confluent HDFS 3 Sink Connector cves: cve-2021-4104: investigated: false @@ -6793,7 +6843,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <1.1.5 + - <1.1.8 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6813,7 +6863,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Splunk Sink Connector + product: Confluent Kafka Connectors cves: cve-2021-4104: investigated: false @@ -6822,10 +6872,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <2.05 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6843,7 +6893,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent HDFS 2 Sink Connector + product: Confluent Platform cves: cve-2021-4104: investigated: false @@ -6853,7 +6903,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <10.1.3 + - <7.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6873,7 +6923,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent HDFS 3 Sink Connector + product: Confluent Splunk Sink Connector cves: cve-2021-4104: investigated: false @@ -6883,7 +6933,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <1.1.8 + - <2.05 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6960,7 +7010,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ConnectWise product: '' cves: @@ -6989,7 +7039,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ContrastSecurity product: '' cves: @@ -7018,7 +7068,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ControlUp product: '' cves: @@ -7047,7 +7097,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: COPADATA product: All cves: @@ -7105,7 +7155,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CPanel product: '' cves: @@ -7134,7 +7184,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cradlepoint product: '' cves: @@ -7163,7 +7213,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Crestron product: '' cves: @@ -7221,7 +7271,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CryptShare product: '' cves: @@ -7250,7 +7300,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CyberArk product: Privileged Threat Analytics (PTA) cves: @@ -7310,7 +7360,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CyberRes product: '' cves: @@ -7339,5 +7389,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 1fefa45..3bd65f6 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -34,7 +34,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Data Vision Software (DVS) + product: Dakronics Media Player cves: cve-2021-4104: investigated: false @@ -42,10 +42,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - DMP (any series) cve-2021-45046: investigated: false affected_versions: [] @@ -58,8 +59,7 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: DVS has one microservice that uses Log4j, but it uses a version that is - not impacted. + notes: '' references: - '' last_updated: '2022-01-06T00:00:00' @@ -89,13 +89,13 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DWP-1000: Not present in our codebase, but awaiting confirmation from - LG re: webOS platform.' + notes: DWP-1000 is not present in our codebase, but awaiting confirmation from + LG re webOS platform. references: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Dakronics Media Player + product: Data Vision Software (DVS) cves: cve-2021-4104: investigated: false @@ -103,11 +103,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - DMP (any series) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -120,7 +119,8 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: '' + notes: DVS has one microservice that uses Log4j, but it uses a version that is + not impacted. references: - '' last_updated: '2022-01-06T00:00:00' @@ -244,8 +244,8 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DMS Web Player: Not present in our codebase, but awaiting confirmation - from LG re: webOS platform.' + notes: DMS Web Player not present in our codebase, but awaiting confirmation from + LG re webOS platform. references: - '' last_updated: '2022-01-06T00:00:00' @@ -588,7 +588,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: DarkTrace - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -612,12 +612,13 @@ software: unaffected_versions: [] vendor_links: - https://customerportal.darktrace.com/inside-the-soc/get-article/201 - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dassault Systèmes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -641,12 +642,13 @@ software: unaffected_versions: [] vendor_links: - https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Databricks - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -673,15 +675,16 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datadog product: Datadog Agent cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] @@ -703,22 +706,24 @@ software: unaffected_versions: [] vendor_links: - https://www.datadoghq.com/log4j-vulnerability/ - notes: '' + notes: JMX monitoring component leverages an impacted version of log4j. references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Dataminer - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: datadog-kafka-connect-logs cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -731,23 +736,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.dataminer.services/responding-to-log4shell-vulnerability/ - notes: '' + - https://www.datadoghq.com/log4j-vulnerability/ + notes: Version 1.0.2 of the library uses version 2.16.0 of Log4j. references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Datev - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: datadog-lambda-java cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -760,13 +767,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308 - notes: '' + - https://www.datadoghq.com/log4j-vulnerability/ + notes: Following AWS recommendation, library updated using the latest version + of amazon-lambda-java-log4j2 (1.4.0). references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Datto - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dataminer + product: All cves: cve-2021-4104: investigated: false @@ -789,12 +797,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.datto.com/blog/dattos-response-to-log4shell + - https://community.dataminer.services/responding-to-log4shell-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: dCache.org + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datev product: '' cves: cve-2021-4104: @@ -818,13 +826,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dcache.org/post/log4j-vulnerability/ + - https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308 notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Debian - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datto + product: All cves: cve-2021-4104: investigated: false @@ -847,42 +855,46 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security-tracker.debian.org/tracker/CVE-2021-44228 + - https://www.datto.com/blog/dattos-response-to-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Deepinstinct - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DBeaver + product: All cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - - https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know + - https://www.dcache.org/post/log4j-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Dell - product: Alienware Command Center + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: dCache.org + product: All cves: cve-2021-4104: investigated: false @@ -890,11 +902,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -906,25 +917,26 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.dcache.org/post/log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware OC Controls + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Debian + product: Apache-log4j.1.2 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - stretch, buster, bullseye cve-2021-45046: investigated: false affected_versions: [] @@ -936,25 +948,26 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://security-tracker.debian.org/tracker/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware On Screen Display + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Debian + product: Apache-log4j2 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - stretch, buster, bullseye cve-2021-45046: investigated: false affected_versions: [] @@ -966,175 +979,191 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://security-tracker.debian.org/tracker/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware Update + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Decos + product: Cloud cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Atmos + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: EvenementenAssistent + InkomensAssistent + Leerlingenvervoer + AIM online cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Azure Stack HCI + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: Fixi cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: CalMAN Powered Calibration Firmware + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: Integrations (StUF/ZGW/Doclogic-DataIntegrator) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: CalMAN Ready for Dell + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Klant Contact cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Centera + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Zaak &I Document (on-premise) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1146,25 +1175,27 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: The solution contains Elasticsearch (vulnerable). Mitigating actions available + on our WIKI. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Chameleon Linux Based Diagnostics + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Zaak &I Document (on-premise) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1176,13 +1207,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: The SaaS hosted solution contains Logstash + Elasticsearch (vulnerable). + Mitigating actions taken. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Chassis Management Controller (CMC) + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Deepinstinct + product: All cves: cve-2021-4104: investigated: false @@ -1190,11 +1222,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1206,30 +1237,493 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dell - product: China HDD Deluxe + product: Alienware Command Center cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Alienware OC Controls + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Alienware On Screen Display + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Alienware Update + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: APEX Console + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Cloud environment patched. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: APEX Data Storage Services + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Cloud environment patch in progress. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Atmos + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Avamar vproxy + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: CalMAN Powered Calibration Firmware + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: CalMAN Ready for Dell + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Centera + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Chameleon Linux Based Diagnostics + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Chassis Management Controller (CMC) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: China HDD Deluxe + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Client Platforms (Latitude, OptiPlex, Alienware, Inspiron, Precision, + XPS, Vostro, ChengMing) BIOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] @@ -1241,71 +1735,270 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Cloud IQ + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Cloud environment patched. + references: + - '' + last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Cloud Mobility for Dell EMC Storage cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Cloud Tiering Appliance + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: CloudIQ Collector + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Common Event Enabler + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Connectrix (Cisco MDS 9000 switches) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Connectrix (Cisco MDS DCNM) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: Versions prior to 11.5(1x) + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/23/21. references: - - '' + - '[DSA-2021-302](https://www.dell.com/support/kbdoc/en-us/000194797/dsa-2021-302-dell-connectrix-mds-dcnm-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud Tiering Appliance + product: Connectrix B-Series SANnav cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.1.1 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 2/28/2022. references: - - '' + - '[DSA-2021-266](https://www.dell.com/support/kbdoc/en-us/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix (Cisco MDS 9000 switches) + product: Connextrix B Series cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -1314,14 +2007,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -1332,7 +2025,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connextrix B Series + product: CyberSecIQ Application cves: cve-2021-4104: investigated: false @@ -1344,7 +2037,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1362,7 +2055,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CyberSecIQ Application + product: CyberSense for PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -1374,7 +2067,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1392,7 +2085,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CyberSense for PowerProtect Cyber Recovery + product: Data Domain OS cves: cve-2021-4104: investigated: false @@ -1401,10 +2094,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions from 7.3.0.5 to 7.7.0.6 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1417,9 +2110,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-274 references: - - '' + - '[DSA-2021-274](https://www.dell.com/support/kbdoc/en-us/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell BSAFE Crypto-C Micro Edition @@ -1434,7 +2127,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1464,7 +2157,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1494,7 +2187,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1524,7 +2217,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1554,7 +2247,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1584,7 +2277,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1614,7 +2307,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1644,7 +2337,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1674,7 +2367,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1704,7 +2397,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1734,7 +2427,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1764,7 +2457,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1794,7 +2487,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1824,7 +2517,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1854,7 +2547,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1884,7 +2577,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1914,7 +2607,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1944,7 +2637,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1974,7 +2667,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2004,7 +2697,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2034,7 +2727,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2064,7 +2757,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2094,7 +2787,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2124,7 +2817,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2154,7 +2847,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2184,7 +2877,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2214,7 +2907,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2231,6 +2924,100 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Avamar + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '18.2' + - '19.1' + - '19.2' + - '19.3' + - '19.4' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/20/21. + references: + - '[DSA-2021-277](https://www.dell.com/support/kbdoc/en-us/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC BSN Controller Node + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-305 + references: + - '[DSA-2021-305](https://www.dell.com/support/kbdoc/en-us/000194631/dsa-2021-305-dell-emc-bsn-controller-node-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Cloud Disaster Recovery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Versions from 19.6 and later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch pending + references: + - '[DSA-2021-289](https://www.dell.com/support/kbdoc/en-us/000194663/dsa-2021-289-dell-emc-cloud-disaster-recovery-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' + last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Cloudboost cves: @@ -2244,7 +3031,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2274,7 +3061,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2304,7 +3091,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2334,7 +3121,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2362,9 +3149,16 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 18.x (or earlier) -standalone DPA is EOSL + - 18.2.x (IDPA) + - 19.1.x + - 19.2.x + - 19.3.x + - 19.4.x + - 19.5.x + - 19.6.0 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2379,7 +3173,68 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - - '' + - '[DSA-2021-309](https://www.dell.com/support/kbdoc/en-us/000194651/dsa-2021-309-dell-emc-dpa-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Data Protection Central + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 18.2.x-19.4.x + - 19.5.0-19.5.0.7 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-269 + references: + - '[DSA-2021-269](https://www.dell.com/support/kbdoc/en-us/000194557/dsa-2021-269-dell-emc-data-protection-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Data Protection Search + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Versions before 19.6 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-279 + references: + - '[DSA-2021-279](https://www.dell.com/support/kbdoc/en-us/000194629/dsa-2021-279-dell-emc-data-protection-search-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC DataIQ @@ -2394,7 +3249,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2424,7 +3279,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2441,6 +3296,38 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Enterprise Storage Analytics for vRealize Operations + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <6.0.0 + - 6.1.0 + - 6.2.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-278 + references: + - '[DSA-2021-278](https://www.dell.com/support/kbdoc/en-us/000194488/dsa-2021-278)' + last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC GeoDrive cves: @@ -2454,7 +3341,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2472,7 +3359,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Isilon InsightIQ + product: Dell EMC Integrated System for Azure Stack HCI cves: cve-2021-4104: investigated: false @@ -2481,10 +3368,43 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Dell EMC Integrated System for Azure Stack HCI is not impacted by this + advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect + Gateway (SCG) were optionally installed with Dell EMC Integrated System for + Azure Stack HCI monitor the following advisories. See DSA-2021-307. + references: + - '[DSA-2021-307](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Integrated System for Microsoft Azure Stack Hub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2497,12 +3417,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 2022-01-31. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC License Manager + product: Dell EMC Isilon InsightIQ cves: cve-2021-4104: investigated: false @@ -2514,7 +3434,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2532,7 +3452,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Onie + product: Dell EMC License Manager cves: cve-2021-4104: investigated: false @@ -2544,7 +3464,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2562,7 +3482,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Ansible Modules + product: Dell EMC Metro Node cves: cve-2021-4104: investigated: false @@ -2571,10 +3491,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 7.0.1 P2 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2587,12 +3507,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-308 references: - - '' + - '[DSA-2021-308](https://www.dell.com/support/kbdoc/en-us/000194630/dsa-2021)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage integration for Splunk + product: Dell EMC NetWorker cves: cve-2021-4104: investigated: false @@ -2601,10 +3521,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 19.4.x + - 19.5.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2617,12 +3538,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Integration for VMware vCenter + product: Dell EMC NetWorker VE cves: cve-2021-4104: investigated: false @@ -2631,10 +3552,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 19.4.x + - 19.5.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2647,12 +3569,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Management pack for vRealize Operations + product: Dell EMC Networking Onie cves: cve-2021-4104: investigated: false @@ -2664,7 +3586,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2682,8 +3604,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge - Manager + product: Dell EMC Networking Virtual Edge Platform with VersaOS cves: cve-2021-4104: investigated: false @@ -2695,7 +3616,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2713,7 +3634,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' + product: Dell EMC OpenManage Ansible Modules cves: cve-2021-4104: investigated: false @@ -2725,7 +3646,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2743,7 +3664,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath + product: Dell EMC OpenManage Enterprise Services cves: cve-2021-4104: investigated: false @@ -2752,10 +3673,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Version 1.2 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2768,12 +3689,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-276](https://www.dell.com/support/kbdoc/en-us/000194652/dsa-2021-276-dell-emc-openmanage-enterprise-services-security-update-for-apache-log4j-remote-code-execution-vulnerabilities-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath Management Appliance + product: Dell EMC OpenManage integration for Splunk cves: cve-2021-4104: investigated: false @@ -2785,7 +3706,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2803,7 +3724,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Cyber Recovery + product: Dell EMC OpenManage Integration for VMware vCenter cves: cve-2021-4104: investigated: false @@ -2815,7 +3736,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2833,7 +3754,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerScale OneFS + product: Dell EMC OpenManage Management pack for vRealize Operations cves: cve-2021-4104: investigated: false @@ -2845,7 +3766,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2863,7 +3784,8 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for PowerMax + product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge + Manager cves: cve-2021-4104: investigated: false @@ -2875,7 +3797,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2893,7 +3815,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Powerstore + product: Dell EMC PowerFlex Appliance cves: cve-2021-4104: investigated: false @@ -2902,10 +3824,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2918,12 +3840,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-293. references: - - '' + - '[DSA-2021-293](https://www.dell.com/support/kbdoc/en-us/000194579/dsa-2021-293-dell-powerflex-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Unity + product: Dell EMC PowerFlex Rack cves: cve-2021-4104: investigated: false @@ -2932,10 +3854,13 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - RCM 3.3 train - all versions up to 3.3.11.0 + - RCM 3.4 train - all versions up to 3.4.6.0 + - RCM 3.5 train - all versions up to 3.5.6.0 + - RCM 3.6 train - all versions up to 3.6.2.0 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2948,12 +3873,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-292. references: - - '' + - '[DSA-2021-292](https://www.dell.com/support/kbdoc/en-us/000194578/dsa-2021-292-dell-powerflex-rack-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' + product: Dell EMC PowerFlex Software (SDS) cves: cve-2021-4104: investigated: false @@ -2962,10 +3887,18 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '3.5' + - 3.5.1 + - 3.5.1.1 + - 3.5.1.2 + - 3.5.1.3 + - 3.5.1.4 + - '3.6' + - 3.6.0.1 + - 3.6.0.2 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2978,12 +3911,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-272. references: - - '' + - '[DSA-2021-272](https://www.dell.com/support/kbdoc/en-us/000194548/dsa-2021-272-dell-powerflex-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault ME4 Series Storage Arrays + product: Dell EMC PowerPath cves: cve-2021-4104: investigated: false @@ -2995,7 +3928,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3013,7 +3946,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault MD3 Series Storage Arrays + product: Dell EMC PowerPath Management Appliance cves: cve-2021-4104: investigated: false @@ -3025,7 +3958,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3043,7 +3976,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Repository Manager (DRM) + product: Dell EMC PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -3055,7 +3988,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3073,7 +4006,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SourceOne + product: Dell EMC PowerProtect Data Manager cves: cve-2021-4104: investigated: false @@ -3082,10 +4015,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions 19.9 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3098,12 +4031,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-286. references: - - '' + - '[DSA-2021-286](https://www.dell.com/support/kbdoc/en-us/000194549/dsa-2021-286-dell-emc-power-protect-data-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Systems Update (DSU) + product: Dell EMC PowerProtect DP Series Appliance (iDPA) cves: cve-2021-4104: investigated: false @@ -3112,10 +4045,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.7.0 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3128,12 +4061,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA 2021-285. references: - - '' + - '[DSA-2021-285](https://www.dell.com/support/kbdoc/en-us/000194532/dsa-2021-285-dell-emc-integrated-data-protection-appliance-powerprotect-dp-series-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unisphere 360 + product: Dell EMC PowerScale OneFS cves: cve-2021-4104: investigated: false @@ -3145,7 +4078,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3163,7 +4096,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Virtual Storage Integrator + product: Dell EMC PowerShell for PowerMax cves: cve-2021-4104: investigated: false @@ -3175,7 +4108,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3193,7 +4126,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VPLEX + product: Dell EMC PowerShell for Powerstore cves: cve-2021-4104: investigated: false @@ -3205,7 +4138,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3223,7 +4156,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC XtremIO + product: Dell EMC PowerShell for Unity cves: cve-2021-4104: investigated: false @@ -3235,7 +4168,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3253,7 +4186,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Enterprise* + product: Dell EMC PowerStore cves: cve-2021-4104: investigated: false @@ -3262,10 +4195,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 2.0.1.3-1538564 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3278,12 +4211,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-295. references: - - '' + - '[DSA-2021-295](https://www.dell.com/support/kbdoc/en-us/000194739/dsa-2021-295-dell-emc-powerstore-family-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Personal* + product: Dell EMC PowerSwitch Z9264F-ON BMC cves: cve-2021-4104: investigated: false @@ -3295,7 +4228,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3313,7 +4246,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Endpoint Security Suite Enterprise* + product: Dell EMC PowerSwitch Z9432F-ON BMC cves: cve-2021-4104: investigated: false @@ -3325,7 +4258,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3343,7 +4276,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Hybrid Client + product: Dell EMC PowerVault ME4 Series Storage Arrays cves: cve-2021-4104: investigated: false @@ -3355,7 +4288,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3373,7 +4306,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell ImageAssist + product: Dell EMC RecoverPoint cves: cve-2021-4104: investigated: false @@ -3382,10 +4315,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3398,12 +4331,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA 2021-284. references: - - '' + - '[DSA 2021-284](https://www.dell.com/support/kbdoc/en-us/000194531/dsa-2021-284-dell-emc-recoverpoint-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Insights Client + product: Dell EMC Repository Manager (DRM) cves: cve-2021-4104: investigated: false @@ -3415,7 +4348,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3433,7 +4366,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Linux Assistant + product: Dell EMC Ruckus SmartZone 100 Controller cves: cve-2021-4104: investigated: false @@ -3443,9 +4376,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3458,12 +4391,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Mobile Connect + product: Dell EMC Ruckus SmartZone 300 Controller cves: cve-2021-4104: investigated: false @@ -3473,9 +4406,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3488,12 +4421,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor ISP (Windows/Mac/Linux) + product: Dell EMC Ruckus Virtual Software cves: cve-2021-4104: investigated: false @@ -3503,9 +4436,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3518,12 +4451,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor SDK + product: Dell EMC SourceOne cves: cve-2021-4104: investigated: false @@ -3535,7 +4468,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3553,7 +4486,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Networking X-Series + product: Dell EMC SRM cves: cve-2021-4104: investigated: false @@ -3563,9 +4496,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - Versions before 4.6.0.2 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3578,12 +4511,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-301. references: - - '' + - '[DSA-2021-301](https://www.dell.com/support/kbdoc/en-us/000194613/dsa-2021-301)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Mobile + product: Dell EMC Streaming Data Platform cves: cve-2021-4104: investigated: false @@ -3592,10 +4525,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '1.1' + - '1.2' + - 1.2 HF1 + - '1.3' + - 1.3.1 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3608,12 +4545,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-297. references: - - '' + - '[DSA-2021-297](https://www.dell.com/support/kbdoc/en-us/000194627/dsa-2021-297-dell-emc-streaming-data-platform-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Server Administrator + product: Dell EMC Systems Update (DSU) cves: cve-2021-4104: investigated: false @@ -3625,7 +4562,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3643,7 +4580,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Change Management + product: Dell EMC Unisphere 360 cves: cve-2021-4104: investigated: false @@ -3655,7 +4592,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3673,7 +4610,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Enterprise Power Manager Plugin + product: Dell EMC Unity cves: cve-2021-4104: investigated: false @@ -3683,9 +4620,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3698,12 +4635,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-294. references: - - '' + - '[DSA-2021-294](https://www.dell.com/support/kbdoc/en-us/000194826/dsa-2021-294-dell-emc-unity-dell-emc-unityvsa-and-dell-emc-unity-xt-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Optimizer + product: Dell EMC Virtual Storage Integrator cves: cve-2021-4104: investigated: false @@ -3715,7 +4652,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3733,7 +4670,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OS Recovery Tool + product: Dell EMC VPLEX cves: cve-2021-4104: investigated: false @@ -3745,7 +4682,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3763,7 +4700,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Peripheral Manager 1.4 / 1.5 for Windows + product: Dell EMC vProtect cves: cve-2021-4104: investigated: false @@ -3772,10 +4709,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 19.5-19.9 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3788,12 +4725,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2022-007. references: - - '' + - '[DSA-2022-007](https://www.dell.com/support/kbdoc/en-us/000195003/title-dsa-2022-007-dell-emc-vprotect-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Platform Service + product: Dell EMC VxRail cves: cve-2021-4104: investigated: false @@ -3802,10 +4739,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 4.5.x + - 4.7.x + - 7.0.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3818,12 +4757,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-265. references: - - '' + - '[DSA-2021-265](https://www.dell.com/support/kbdoc/en-us/000194466/dsa-2021-265-dell-emc-vxrail-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager + product: Dell EMC XC cves: cve-2021-4104: investigated: false @@ -3832,10 +4771,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3848,12 +4787,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-311. references: - - '' + - '[DSA-2021-311](https://www.dell.com/support/kbdoc/en-us/000194822/dsa-2021-311-dell-emc-xc-series-and-core-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager Lite + product: Dell EMC XtremIO cves: cve-2021-4104: investigated: false @@ -3865,7 +4804,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3883,7 +4822,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer + product: Dell Encryption Enterprise* cves: cve-2021-4104: investigated: false @@ -3895,7 +4834,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3913,7 +4852,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer for Linux + product: Dell Encryption Personal* cves: cve-2021-4104: investigated: false @@ -3925,7 +4864,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3943,7 +4882,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Premier Color + product: Dell Endpoint Security Suite Enterprise* cves: cve-2021-4104: investigated: false @@ -3955,7 +4894,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3973,7 +4912,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Recovery (Linux) + product: Dell Hybrid Client cves: cve-2021-4104: investigated: false @@ -3985,7 +4924,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4003,7 +4942,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remediation Platform + product: Dell ImageAssist cves: cve-2021-4104: investigated: false @@ -4015,7 +4954,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4033,7 +4972,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remote Execution Engine (DRONE) + product: Dell Insights Client cves: cve-2021-4104: investigated: false @@ -4045,7 +4984,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4063,7 +5002,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Advisory Update - DSA-2021-088 + product: Dell Linux Assistant cves: cve-2021-4104: investigated: false @@ -4075,7 +5014,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4093,7 +5032,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Management Server & Dell Security Management Server Virtual* + product: Dell Memory Solutions cves: cve-2021-4104: investigated: false @@ -4105,7 +5044,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4123,7 +5062,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell SupportAssist SOS + product: Dell Mobile Connect cves: cve-2021-4104: investigated: false @@ -4135,7 +5074,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4153,7 +5092,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Thin OS + product: Dell Monitor ISP (Windows/Mac/Linux) cves: cve-2021-4104: investigated: false @@ -4165,7 +5104,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4183,7 +5122,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Threat Defense + product: Dell Monitor SDK cves: cve-2021-4104: investigated: false @@ -4195,7 +5134,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4213,7 +5152,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell True Color + product: Dell Networking X-Series cves: cve-2021-4104: investigated: false @@ -4225,7 +5164,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4243,7 +5182,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Trusted Device + product: Dell OpenManage Change Management cves: cve-2021-4104: investigated: false @@ -4255,7 +5194,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4273,7 +5212,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Update + product: Dell OpenManage Enterprise cves: cve-2021-4104: investigated: false @@ -4282,10 +5221,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 3.8.2 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4298,12 +5237,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-275 references: - - '' + - '[DSA-2021-275](https://www.dell.com/support/kbdoc/en-us/000194638/dsa-2021-275-dell-emc-openmanage-enterprise-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dream Catcher + product: Dell OpenManage Enterprise CloudIQ plugin cves: cve-2021-4104: investigated: false @@ -4315,7 +5254,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4333,7 +5272,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Creation Service + product: Dell OpenManage Enterprise Modular cves: cve-2021-4104: investigated: false @@ -4342,10 +5281,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 1.40.10 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4358,12 +5297,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-268 references: - - '' + - '[DSA-2021-268](https://www.dell.com/support/kbdoc/en-us/000194625/dsa-2021-268-dell-emc-openmanage-enterprise-modular-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Framework (ISG) + product: Dell OpenManage Enterprise Power Manager plugin cves: cve-2021-4104: investigated: false @@ -4375,7 +5314,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4393,7 +5332,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded NAS + product: Dell OpenManage Mobile cves: cve-2021-4104: investigated: false @@ -4405,7 +5344,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4423,7 +5362,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded Service Enabler + product: Dell OpenManage Server Administrator cves: cve-2021-4104: investigated: false @@ -4435,7 +5374,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4453,7 +5392,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Equallogic PS + product: Dell Optimizer cves: cve-2021-4104: investigated: false @@ -4465,7 +5404,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4483,7 +5422,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Fluid FS + product: Dell OS Recovery Tool cves: cve-2021-4104: investigated: false @@ -4495,7 +5434,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4513,7 +5452,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: iDRAC Service Module (iSM) + product: Dell Peripheral Manager 1.4 / 1.5 for Windows cves: cve-2021-4104: investigated: false @@ -4525,7 +5464,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4543,7 +5482,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Infinity MLK (firmware) + product: Dell Platform Service cves: cve-2021-4104: investigated: false @@ -4555,7 +5494,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4573,7 +5512,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Integrated Dell Remote Access Controller (iDRAC) + product: Dell Power Manager cves: cve-2021-4104: investigated: false @@ -4585,7 +5524,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4603,7 +5542,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Accelerators + product: Dell Power Manager Lite cves: cve-2021-4104: investigated: false @@ -4615,7 +5554,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4633,7 +5572,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Board & Electrical + product: Dell Precision Optimizer cves: cve-2021-4104: investigated: false @@ -4645,7 +5584,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4663,7 +5602,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IsilonSD Management Server + product: Dell Precision Optimizer for Linux cves: cve-2021-4104: investigated: false @@ -4675,7 +5614,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4693,7 +5632,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IVE-WinDiag + product: Dell Premier Color cves: cve-2021-4104: investigated: false @@ -4705,7 +5644,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4723,7 +5662,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Mainframe Enablers + product: Dell Recovery (Linux) cves: cve-2021-4104: investigated: false @@ -4735,7 +5674,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4753,7 +5692,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: My Dell + product: Dell Remediation Platform cves: cve-2021-4104: investigated: false @@ -4765,7 +5704,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4783,7 +5722,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: MyDell Mobile + product: Dell Remote Execution Engine (DRONE) cves: cve-2021-4104: investigated: false @@ -4795,7 +5734,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4813,7 +5752,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: NetWorker Management Console + product: Dell Security Advisory Update - DSA-2021-088 cves: cve-2021-4104: investigated: false @@ -4825,7 +5764,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4843,7 +5782,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking BIOS + product: Dell Security Management Server & Dell Security Management Server Virtual* cves: cve-2021-4104: investigated: false @@ -4855,7 +5794,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4873,7 +5812,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking DIAG + product: Dell SupportAssist SOS cves: cve-2021-4104: investigated: false @@ -4885,7 +5824,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4903,7 +5842,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking N-Series + product: Dell Thin OS cves: cve-2021-4104: investigated: false @@ -4915,7 +5854,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4933,7 +5872,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS 10 + product: Dell Threat Defense cves: cve-2021-4104: investigated: false @@ -4945,7 +5884,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4963,7 +5902,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS9 + product: Dell True Color cves: cve-2021-4104: investigated: false @@ -4975,7 +5914,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4993,7 +5932,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking SD-WAN Edge SD-WAN + product: Dell Trusted Device cves: cve-2021-4104: investigated: false @@ -5005,7 +5944,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5023,7 +5962,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking W-Series + product: Dell Update cves: cve-2021-4104: investigated: false @@ -5035,7 +5974,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5053,7 +5992,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking X-Series + product: Dream Catcher cves: cve-2021-4104: investigated: false @@ -5065,7 +6004,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5083,7 +6022,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMIMSSC (OpenManage Integration for Microsoft System Center) + product: DUP Creation Service cves: cve-2021-4104: investigated: false @@ -5095,7 +6034,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5113,7 +6052,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMNIA + product: DUP Framework (ISG) cves: cve-2021-4104: investigated: false @@ -5125,7 +6064,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5143,7 +6082,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - Nagios + product: ECS cves: cve-2021-4104: investigated: false @@ -5153,9 +6092,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 3.3.x + - 3.4.x + - 3.5.x + - 3.6.0.x + - 3.6.1.x + - 3.6.2.0 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5168,12 +6112,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-273. references: - - '' + - '[DSA-2021-273](https://www.dell.com/support/kbdoc/en-us/000194612/dsa-2021-273-dell-emc-ecs-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - ServiceNow + product: Embedded NAS cves: cve-2021-4104: investigated: false @@ -5185,7 +6129,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5203,8 +6147,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration for Microsoft System Center for System Center - Operations Manager + product: Embedded Service Enabler cves: cve-2021-4104: investigated: false @@ -5216,7 +6159,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5234,7 +6177,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration with Microsoft Windows Admin Center + product: Enterprise Hybrid Cloud cves: cve-2021-4104: investigated: false @@ -5246,7 +6189,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5259,12 +6202,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-270. references: - - '' + - '[DSA-2021-270](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Network Integration + product: Equallogic PS cves: cve-2021-4104: investigated: false @@ -5276,7 +6219,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5294,7 +6237,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect N3200 + product: Fluid FS cves: cve-2021-4104: investigated: false @@ -5306,7 +6249,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5324,7 +6267,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC2800 + product: iDRAC Service Module (iSM) cves: cve-2021-4104: investigated: false @@ -5336,7 +6279,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5354,7 +6297,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC8100 + product: Infinity MLK (firmware) cves: cve-2021-4104: investigated: false @@ -5366,7 +6309,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5384,7 +6327,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge BIOS + product: Integrated Dell Remote Access Controller (iDRAC) cves: cve-2021-4104: investigated: false @@ -5396,7 +6339,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5414,7 +6357,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge Operating Systems + product: ISG Accelerators cves: cve-2021-4104: investigated: false @@ -5426,7 +6369,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5444,7 +6387,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerTools Agent + product: ISG Board & Electrical cves: cve-2021-4104: investigated: false @@ -5456,7 +6399,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5474,7 +6417,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PPDM Kubernetes cProxy + product: ISG Drive & Storage Media cves: cve-2021-4104: investigated: false @@ -5486,7 +6429,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5504,7 +6447,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PPDM VMware vProxy + product: IsilonSD Management Server cves: cve-2021-4104: investigated: false @@ -5516,7 +6459,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5534,7 +6477,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Redtail + product: IVE-WinDiag cves: cve-2021-4104: investigated: false @@ -5546,7 +6489,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5564,7 +6507,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Remotely Anywhere + product: Mainframe Enablers cves: cve-2021-4104: investigated: false @@ -5576,7 +6519,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5594,7 +6537,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Riptide (firmware) + product: MDS cves: cve-2021-4104: investigated: false @@ -5606,7 +6549,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5624,7 +6567,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Rugged Control Center (RCC) + product: My Dell cves: cve-2021-4104: investigated: false @@ -5636,7 +6579,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5654,7 +6597,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SD ROM Utility + product: MyDell Mobile cves: cve-2021-4104: investigated: false @@ -5666,7 +6609,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5684,7 +6627,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SDNAS + product: NetWorker Management Console cves: cve-2021-4104: investigated: false @@ -5696,7 +6639,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5714,7 +6657,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Server Storage + product: Networking BIOS cves: cve-2021-4104: investigated: false @@ -5726,7 +6669,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5744,7 +6687,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Smart Fabric Storage Software + product: Networking DIAG cves: cve-2021-4104: investigated: false @@ -5756,7 +6699,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5774,7 +6717,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SmartByte + product: Networking N-Series cves: cve-2021-4104: investigated: false @@ -5786,7 +6729,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5804,7 +6747,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SMI-S + product: Networking OS 10 cves: cve-2021-4104: investigated: false @@ -5816,7 +6759,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5834,7 +6777,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Software RAID + product: Networking OS 9 cves: cve-2021-4104: investigated: false @@ -5846,7 +6789,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5864,7 +6807,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Solutions Enabler + product: Networking SD-WAN Edge SD-WAN cves: cve-2021-4104: investigated: false @@ -5876,7 +6819,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5894,7 +6837,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Solutions Enabler vApp + product: Networking W-Series cves: cve-2021-4104: investigated: false @@ -5906,7 +6849,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5924,7 +6867,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Sonic + product: Networking X-Series cves: cve-2021-4104: investigated: false @@ -5936,7 +6879,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5954,7 +6897,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SRS VE + product: OMIMSSC (OpenManage Integration for Microsoft System Center) cves: cve-2021-4104: investigated: false @@ -5966,7 +6909,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5984,7 +6927,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Storage Center OS and additional SC applications unless otherwise noted + product: OMNIA cves: cve-2021-4104: investigated: false @@ -5996,7 +6939,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6014,7 +6957,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Client Commercial + product: OpenManage Connections - Nagios cves: cve-2021-4104: investigated: false @@ -6026,7 +6969,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6044,7 +6987,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Client Consumer + product: OpenManage Connections - ServiceNow cves: cve-2021-4104: investigated: false @@ -6056,7 +6999,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6074,7 +7017,8 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: UCC Edge + product: OpenManage Integration for Microsoft System Center for System Center + Operations Manager cves: cve-2021-4104: investigated: false @@ -6086,7 +7030,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6104,7 +7048,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for PowerMax + product: OpenManage Integration with Microsoft Windows Admin Center cves: cve-2021-4104: investigated: false @@ -6116,7 +7060,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6134,7 +7078,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for PowerMax vApp + product: OpenManage Network Integration cves: cve-2021-4104: investigated: false @@ -6146,7 +7090,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6164,7 +7108,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for VMAX + product: OpenManage Power Center cves: cve-2021-4104: investigated: false @@ -6176,7 +7120,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6194,7 +7138,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for VNX + product: PowerConnect N3200 cves: cve-2021-4104: investigated: false @@ -6206,7 +7150,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6224,7 +7168,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Update Manager Plugin + product: PowerConnect PC2800 cves: cve-2021-4104: investigated: false @@ -6236,7 +7180,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6254,7 +7198,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ViPR Controller + product: PowerConnect PC8100 cves: cve-2021-4104: investigated: false @@ -6266,7 +7210,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6284,7 +7228,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX1 + product: PowerEdge Accelerator Solutions cves: cve-2021-4104: investigated: false @@ -6296,7 +7240,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6314,7 +7258,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX2 + product: PowerEdge BIOS cves: cve-2021-4104: investigated: false @@ -6326,7 +7270,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6344,7 +7288,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VPLEX VS2/VS6 / VPLEX Witness + product: PowerEdge Networking Solutions cves: cve-2021-4104: investigated: false @@ -6356,7 +7300,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6374,7 +7318,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Vsan Ready Nodes + product: PowerEdge Operating Systems cves: cve-2021-4104: investigated: false @@ -6386,7 +7330,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6404,7 +7348,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Warnado MLK (firmware) + product: PowerEdge RAID Controller Solutions cves: cve-2021-4104: investigated: false @@ -6416,7 +7360,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6434,7 +7378,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Proprietary OS (ThinOS) + product: PowerTools Agent cves: cve-2021-4104: investigated: false @@ -6446,7 +7390,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6464,7 +7408,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Windows Embedded Suite + product: PPDM Kubernetes cProxy cves: cve-2021-4104: investigated: false @@ -6476,7 +7420,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6494,7 +7438,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: APEX Console + product: PPDM VMware vProxy cves: cve-2021-4104: investigated: false @@ -6504,9 +7448,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - N/A - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6519,12 +7463,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: APEX Data Storage Services + product: Redtail cves: cve-2021-4104: investigated: false @@ -6532,10 +7476,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6548,12 +7493,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patch in progress + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud IQ + product: Remotely Anywhere cves: cve-2021-4104: investigated: false @@ -6561,10 +7506,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6577,12 +7523,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix (Cisco MDS DCNM) + product: Riptide (firmware) cves: cve-2021-4104: investigated: false @@ -6590,10 +7536,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6606,12 +7553,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix B-Series SANnav + product: Rugged Control Center (RCC) cves: cve-2021-4104: investigated: false @@ -6620,10 +7567,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.1.1 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6636,12 +7583,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 3/31/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Data Domain OS + product: SD ROM Utility cves: cve-2021-4104: investigated: false @@ -6650,10 +7597,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6666,12 +7613,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-274 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Avamar + product: SDNAS cves: cve-2021-4104: investigated: false @@ -6680,10 +7627,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"18.2 19.1 19.2 19.3 19.4"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6696,12 +7643,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC BSN Controller Node + product: Secure Connect Gateway (SCG) Appliance cves: cve-2021-4104: investigated: false @@ -6709,8 +7656,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6725,12 +7673,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-305 + notes: See DSA-2021-282 references: - - '' + - '[]' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Cloud Disaster Recovery + product: Secure Connect Gateway (SCG) Appliance cves: cve-2021-4104: investigated: false @@ -6739,9 +7687,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 5.00.00, 5.00.05, and 4.0.06 and earlier versions (OVF and VHD) unaffected_versions: [] cve-2021-45046: investigated: false @@ -6755,12 +7703,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-282 references: - - '' + - '[DSA-2021-282](https://www.dell.com/support/kbdoc/en-us/000194624/dsa-2021-282-dell-emc-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Central + product: Secure Connect Gateway (SCG) Policy Manager cves: cve-2021-4104: investigated: false @@ -6768,9 +7716,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.00.00.10 + - 5.00.05.10 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6784,12 +7734,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021- 269 + notes: See DSA-2021-281 references: - - '' + - '[DSA-2021-281](https://www.dell.com/support/kbdoc/en-us/000194539/dsa-2021-281-dell-emc-policy-manager-for-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Search + product: Server Storage cves: cve-2021-4104: investigated: false @@ -6798,10 +7748,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 19.5.0.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6814,12 +7764,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-279 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC ECS + product: Smart Fabric Storage Software cves: cve-2021-4104: investigated: false @@ -6827,10 +7777,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6843,12 +7794,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Enterprise Hybrid Cloud + product: SmartByte cves: cve-2021-4104: investigated: false @@ -6856,10 +7807,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6872,12 +7824,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Enterprise Storage Analytics for vRealize Operations + product: SMI-S cves: cve-2021-4104: investigated: false @@ -6886,10 +7838,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"<6.0.0 6.1.0 6.2.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6902,12 +7854,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-278 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Azure Stack HCI + product: Software RAID cves: cve-2021-4104: investigated: false @@ -6916,10 +7868,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6932,16 +7884,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this - advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect - Gateway (SCG) were optionally installed with Dell EMC Integrated System for - Azure Stack HCI monitor the following advisories. Apply workaround guidance - and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Microsoft Azure Stack Hub + product: Solutions Enabler cves: cve-2021-4104: investigated: false @@ -6950,10 +7898,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6966,12 +7914,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Virtual Edition + product: Solutions Enabler vApp cves: cve-2021-4104: investigated: false @@ -6980,10 +7928,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6996,12 +7944,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Server + product: Sonic cves: cve-2021-4104: investigated: false @@ -7010,10 +7958,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7026,12 +7974,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Virtual Edge Platform with VersaOS + product: SRS Policy Manager cves: cve-2021-4104: investigated: false @@ -7040,9 +7988,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '7.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7056,12 +8004,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-304 + notes: See DSA-2021-287. references: - - '' + - '[DSA-2021-287](https://www.dell.com/support/kbdoc/en-us/000194544/dsa-2021-287-dell-emc-srs-policy-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Appliance + product: SRS VE cves: cve-2021-4104: investigated: false @@ -7070,11 +8018,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions - up to Intelligent Catalog 38_362_00_r7.zip"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7087,12 +8034,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Software (SDS) + product: Storage Center - Dell Storage Manager cves: cve-2021-4104: investigated: false @@ -7102,7 +8049,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' + - 16.x + - 17.x + - 18.x + - 19.x + - 20.1.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7117,12 +8068,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-310. references: - - '' + - '[DSA-2021-310](https://www.dell.com/support/kbdoc/en-us/000194790/dsa-2021-310-storage-center-dell-storage-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Rack + product: Storage Center OS and additional SC applications unless otherwise noted cves: cve-2021-4104: investigated: false @@ -7131,10 +8082,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7147,12 +8098,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Data Manager + product: SupportAssist Client Commercial cves: cve-2021-4104: investigated: false @@ -7161,10 +8112,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All versions 19.9 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7177,12 +8128,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect DP Series Appliance (iDPA) + product: SupportAssist Client Consumer cves: cve-2021-4104: investigated: false @@ -7191,10 +8142,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.7.0 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7207,12 +8158,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerStore + product: SupportAssist Enterprise cves: cve-2021-4104: investigated: false @@ -7220,8 +8171,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.0.70 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7236,12 +8188,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: See DSA-2021-283. references: - - '' + - '[DSA-2021-283](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint for Virtual Machine + product: UCC Edge cves: cve-2021-4104: investigated: false @@ -7250,10 +8202,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All 5.0.x and later versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7266,12 +8218,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint Classic + product: Unisphere Central cves: cve-2021-4104: investigated: false @@ -7280,9 +8232,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All 5.1.x and later versions - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Versions before 4.0 SP 9.2 (4.0.9.1541235) unaffected_versions: [] cve-2021-45046: investigated: false @@ -7296,12 +8248,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-296. references: - - '' + - '[DSA-2021-296](https://www.dell.com/support/kbdoc/en-us/000194874/dsa-2021-296-dell-emc-unisphere-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SRM vApp + product: Unisphere for PowerMax cves: cve-2021-4104: investigated: false @@ -7310,10 +8262,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 4.6.0.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7326,12 +8278,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/25/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Streaming Data Platform + product: Unisphere for PowerMax vApp cves: cve-2021-4104: investigated: false @@ -7339,10 +8291,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7355,12 +8308,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unity + product: Unisphere for VMAX cves: cve-2021-4104: investigated: false @@ -7368,10 +8321,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7384,12 +8338,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/29/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Metro Node + product: Unisphere for VNX cves: cve-2021-4104: investigated: false @@ -7398,10 +8352,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.0.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7414,12 +8368,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-308 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VxRail + product: Update Manager Plugin cves: cve-2021-4104: investigated: false @@ -7428,10 +8382,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"4.5.x 4.7.x 7.0.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7444,12 +8398,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Management Enterprise - Modular + product: Vblock cves: cve-2021-4104: investigated: false @@ -7459,7 +8413,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <1.40.10 + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7474,12 +8428,13 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-268 + notes: Patch pending See vce6771 (requires customer login). This advisory is available + to customer only and has not been reviewed by CISA. references: - - '' + - '[vce6771](https://support-dellemc-com.secure.force.com/)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DellEMC OpenManage Enterprise Services + product: ViPR Controller cves: cve-2021-4104: investigated: false @@ -7487,10 +8442,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7503,12 +8459,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Enterprise + product: VMware vRealize Automation 8.x cves: cve-2021-4104: investigated: false @@ -7516,8 +8472,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.2 8.3 8.4 8.5 and 8.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7537,7 +8494,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 300 Controller + product: VMware vRealize Orchestrator 8.x cves: cve-2021-4104: investigated: false @@ -7545,8 +8502,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.2 8.3 8.4 8.5 and 8.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7561,12 +8519,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 100 Controller + product: VNX Control Station cves: cve-2021-4104: investigated: false @@ -7574,10 +8532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7590,12 +8549,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus Virtual Software + product: VNX1 cves: cve-2021-4104: investigated: false @@ -7603,10 +8562,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7619,12 +8579,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Appliance + product: VNX2 cves: cve-2021-4104: investigated: false @@ -7633,10 +8593,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7649,12 +8609,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-282 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Policy Manager + product: VNXe 1600 cves: cve-2021-4104: investigated: false @@ -7663,9 +8623,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"5.00.00.10 5.00.05.10"' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Versions 3.1.16.10220572 and earlier unaffected_versions: [] cve-2021-45046: investigated: false @@ -7679,12 +8639,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-281 + notes: See DSA-2021-299 references: - - '' + - '[DSA-2021-299](https://www.dell.com/support/kbdoc/en-us/000194605/dsa-2021-299-dell-emc-vnxe1600-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SRS Policy Manager + product: VNXe 3200 cves: cve-2021-4104: investigated: false @@ -7693,9 +8653,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '7' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Version 3.1.15.10216415 and earlier unaffected_versions: [] cve-2021-45046: investigated: false @@ -7709,12 +8669,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-298 references: - - '' + - '[DSA-2021-298](https://www.dell.com/support/kbdoc/en-us/000194606/dsa-2021-298-dell-emc-vnxe3200-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Storage Center - Dell Storage Manager + product: VPLEX VS2/VS6 / VPLEX Witness cves: cve-2021-4104: investigated: false @@ -7722,10 +8682,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7738,12 +8699,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Enterprise + product: vRealize Data Protection Extension Data Management cves: cve-2021-4104: investigated: false @@ -7751,9 +8712,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7767,12 +8729,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: See DSA-2021-290. references: - - '' + - '[DSA-2021-290](https://www.dell.com/support/kbdoc/en-us/000194614/dsa-2021-290-dell-emc-vrealize-data-protection-extension-for-vrealize-automation-vra-8-x-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere Central + product: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage cves: cve-2021-4104: investigated: false @@ -7780,9 +8742,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7796,12 +8759,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/10/2022 + notes: See DSA-2021-300. references: - - '' + - '[DSA-2021-300](https://www.dell.com/support/kbdoc/en-us/000194610/dsa-2021-300)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Vblock + product: vRO Plugin for Dell EMC PowerMax cves: cve-2021-4104: investigated: false @@ -7809,9 +8772,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Version 1.2.3 or earlier unaffected_versions: [] cve-2021-45046: investigated: false @@ -7825,12 +8789,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending See vce6771 (requires customer login) + notes: See DSA-2021-300 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 1600 + product: vRO Plugin for Dell EMC PowerScale cves: cve-2021-4104: investigated: false @@ -7839,9 +8803,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions 3.1.16.10220572 and earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Version 1.1.0 or earlier unaffected_versions: [] cve-2021-45046: investigated: false @@ -7855,12 +8819,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-300 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 3200 + product: vRO Plugin for Dell EMC PowerStore cves: cve-2021-4104: investigated: false @@ -7870,7 +8834,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Version 3.1.15.10216415 and earlier + - Version 1.1.4 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7885,12 +8849,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-300 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VxBlock + product: vRO Plugin for Dell EMC Unity cves: cve-2021-4104: investigated: false @@ -7898,8 +8862,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 1.0.6 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7914,12 +8879,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Patch pending See vce6771 (requires customer login) "' + notes: See DSA-2021-300 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage + product: vRO Plugin for Dell EMC XtremIO cves: cve-2021-4104: investigated: false @@ -7929,7 +8894,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Various + - Version 4.1.2 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7949,7 +8914,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC PowerMax + product: Vsan Ready Nodes cves: cve-2021-4104: investigated: false @@ -7958,10 +8923,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.2.3 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7974,12 +8939,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC PowerScale + product: VxBlock cves: cve-2021-4104: investigated: false @@ -7988,8 +8953,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.1.0 or earlier + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8004,12 +8968,13 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: Patch pending See vce6771 (requires customer login). This advisory is available + to customer only and has not been reviewed by CISA. references: - - '' + - '[vce6771](https://support-dellemc-com.secure.force.com/)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC PowerStore + product: Warnado MLK (firmware) cves: cve-2021-4104: investigated: false @@ -8018,10 +8983,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.1.4 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8034,12 +8999,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC Unity + product: Wyse Management Suite cves: cve-2021-4104: investigated: false @@ -8048,9 +9013,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.0.6 or earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - < 3.5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -8064,12 +9029,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: See DSA-2021-267 references: - - '' + - '[DSA-2021-267](https://www.dell.com/support/kbdoc/en-us/000194459/dsa-2021-267-dell-wyse-management-suite-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC XtremIO + product: Wyse Proprietary OS (ThinOS) cves: cve-2021-4104: investigated: false @@ -8078,10 +9043,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 4.1.2 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8094,12 +9059,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension Data Management + product: Wyse Windows Embedded Suite cves: cve-2021-4104: investigated: false @@ -8107,10 +9072,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8123,12 +9089,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x + - vendor: Deltares + product: Delft-FEWS cves: cve-2021-4104: investigated: false @@ -8137,9 +9103,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"version 19.6 version 19.7 version 19.8 and version 19.9"' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>2018.02' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8152,13 +9118,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + - https://publicwiki.deltares.nl/display/FEWSDOC/Delft-FEWS+and+Log4J+vulnerability + notes: Mitigations Only references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: VMware vRealize Automation 8.x + last_updated: '2021-12-22T00:00:00' + - vendor: Denequa + product: All cves: cve-2021-4104: investigated: false @@ -8166,9 +9132,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8182,13 +9147,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + - https://denequa.de/log4j-information.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: VMware vRealize Orchestrator 8.x + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Device42 + product: All cves: cve-2021-4104: investigated: false @@ -8197,10 +9162,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8212,13 +9177,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + - https://blog.device42.com/2021/12/13/log4j-zero-day/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Wyse Management Suite + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Devolutions + product: All cves: cve-2021-4104: investigated: false @@ -8227,10 +9192,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <3.5 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8242,13 +9207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-267 + - https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Deltares - product: Delft-FEWS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Diebold Nixdorf + product: All cves: cve-2021-4104: investigated: false @@ -8256,10 +9221,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '>2018.02' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -8272,13 +9236,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://publicwiki.deltares.nl/display/FEWSDOC/Delft-FEWS+and+Log4J+vulnerability - notes: Mitigations Only + - https://www.dieboldnixdorf.com/en-us/apache + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Denequa - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Digi International + product: AnywhereUSB Manager cves: cve-2021-4104: investigated: false @@ -8286,10 +9250,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8301,13 +9266,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://denequa.de/log4j-information.html + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Device42 - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: ARMT cves: cve-2021-4104: investigated: false @@ -8315,10 +9280,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8330,13 +9296,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.device42.com/2021/12/13/log4j-zero-day/ + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Devolutions - product: All products + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Aview cves: cve-2021-4104: investigated: false @@ -8344,10 +9310,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8359,13 +9326,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/ + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Diebold Nixdorf - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: AVWOB cves: cve-2021-4104: investigated: false @@ -8373,10 +9340,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8388,11 +9356,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dieboldnixdorf.com/en-us/apache + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Digi International product: CTEK G6200 family cves: @@ -8402,10 +9370,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8431,10 +9400,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8460,10 +9430,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8489,10 +9460,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8518,10 +9490,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8547,10 +9520,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8576,10 +9550,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8597,7 +9572,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect family + product: Digi Connect EZ family cves: cve-2021-4104: investigated: false @@ -8605,10 +9580,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8626,7 +9602,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect EZ family + product: Digi Connect family cves: cve-2021-4104: investigated: false @@ -8634,10 +9610,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8663,10 +9640,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8684,7 +9662,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi ConnectPort family + product: Digi Connect Sensor family cves: cve-2021-4104: investigated: false @@ -8692,10 +9670,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8713,7 +9692,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi ConnectPort LTS family + product: Digi Connect WS family cves: cve-2021-4104: investigated: false @@ -8721,10 +9700,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8742,7 +9722,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect Sensor family + product: Digi ConnectPort family cves: cve-2021-4104: investigated: false @@ -8750,10 +9730,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8771,7 +9752,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect WS family + product: Digi ConnectPort LTS family cves: cve-2021-4104: investigated: false @@ -8779,10 +9760,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8808,10 +9790,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8837,10 +9820,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8866,10 +9850,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8895,10 +9880,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi LR54 + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8916,7 +9932,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi LR54 + product: Digi Navigator cves: cve-2021-4104: investigated: false @@ -8924,10 +9940,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8953,10 +9970,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8982,10 +10000,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9011,10 +10030,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9032,7 +10052,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi TX routers + product: Digi Remote Manager cves: cve-2021-4104: investigated: false @@ -9040,10 +10060,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9061,7 +10082,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR11 + product: Digi TX routers cves: cve-2021-4104: investigated: false @@ -9069,10 +10090,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9090,7 +10112,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR21 + product: Digi WR11 cves: cve-2021-4104: investigated: false @@ -9098,10 +10120,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9119,7 +10142,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR31 + product: Digi WR21 cves: cve-2021-4104: investigated: false @@ -9127,10 +10150,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9148,7 +10172,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR44R/RR + product: Digi WR31 cves: cve-2021-4104: investigated: false @@ -9156,10 +10180,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9177,7 +10202,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR54 + product: Digi WR44R/RR cves: cve-2021-4104: investigated: false @@ -9185,10 +10210,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9206,7 +10232,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR64 + product: Digi WR54 cves: cve-2021-4104: investigated: false @@ -9214,10 +10240,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9235,7 +10262,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: AnywhereUSB Manager + product: Digi WR64 cves: cve-2021-4104: investigated: false @@ -9243,10 +10270,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9264,7 +10292,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Aview + product: Digi Xbee mobile app cves: cve-2021-4104: investigated: false @@ -9272,10 +10300,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9293,7 +10322,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: ARMT + product: Lighthouse cves: cve-2021-4104: investigated: false @@ -9301,10 +10330,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9322,7 +10352,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: AVWOB + product: Realport cves: cve-2021-4104: investigated: false @@ -9330,10 +10360,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9351,7 +10382,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Navigator + product: Remote Hub Config Utility cves: cve-2021-4104: investigated: false @@ -9359,10 +10390,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9379,8 +10411,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Remote Manager + - vendor: Digicert + product: All cves: cve-2021-4104: investigated: false @@ -9403,13 +10435,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://knowledge.digicert.com/alerts/digicert-log4j-response.html notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Xbee mobile app + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Digital AI + product: All cves: cve-2021-4104: investigated: false @@ -9432,13 +10464,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Lighthouse + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Digital Alert Systems + product: All cves: cve-2021-4104: investigated: false @@ -9461,13 +10493,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://www.digitalalertsystems.com/default-2.htm + notes: Formerly Monroe Electronics, Inc. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Realport + last_updated: '2022-01-05T00:00:00' + - vendor: DirectAdmin + product: All cves: cve-2021-4104: investigated: false @@ -9475,10 +10507,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9490,13 +10523,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://forum.directadmin.com/threads/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare.65173/#post-339723 + notes: Invidivual plugins not developed as part of DirectAdmin core may be vulnerable. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Remote Hub Config Utility + last_updated: '2022-01-05T00:00:00' + - vendor: DNSFilter + product: All cves: cve-2021-4104: investigated: false @@ -9519,13 +10552,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digicert - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Docker + product: Infrastructure cves: cve-2021-4104: investigated: false @@ -9533,10 +10566,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9548,13 +10582,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.digicert.com/alerts/digicert-log4j-response.html - notes: '' + - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ + notes: Docker infrastructure not vulnerable, Docker images could be vulnerable. + For more info see source. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Digital AI - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Docusign + product: All cves: cve-2021-4104: investigated: false @@ -9577,13 +10612,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1 + - https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Digital Alert Systems - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DotCMS + product: Hybrid Content Management System cves: cve-2021-4104: investigated: false @@ -9591,9 +10626,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -9606,13 +10642,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digitalalertsystems.com/default-2.htm - notes: Formerly Monroe Electronics, Inc. + - https://github.com/dotCMS/core/issues/21393 + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: DNSFilter - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DrayTek + product: All cves: cve-2021-4104: investigated: false @@ -9620,10 +10656,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9635,13 +10672,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability + - https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Docker - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dropwizard + product: All cves: cve-2021-4104: investigated: false @@ -9649,10 +10686,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9664,13 +10702,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ - notes: '' + - https://twitter.com/dropwizardio/status/1469285337524580359 + notes: Only vulnerable if you manually added Log4j. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Docusign - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dräger + product: All cves: cve-2021-4104: investigated: false @@ -9678,10 +10716,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9693,14 +10732,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability + - https://static.draeger.com/security notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: DrayTek - product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, - MyVigor Platform + last_updated: '2021-12-15T00:00:00' + - vendor: DSpace + product: All cves: cve-2021-4104: investigated: false @@ -9723,13 +10761,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/ + - https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: DSpace - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dynatrace + product: ActiveGate cves: cve-2021-4104: investigated: false @@ -9737,9 +10775,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -9752,13 +10791,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Managed cluster nodes + product: Cloud Services cves: cve-2021-4104: investigated: false @@ -9766,9 +10805,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -9787,7 +10827,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: SAAS + product: Extensions cves: cve-2021-4104: investigated: false @@ -9795,9 +10835,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -9811,7 +10852,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + notes: Please see Dynatrace Communication for details references: - '' last_updated: '2021-12-21T00:00:00' @@ -9824,9 +10865,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -9845,7 +10887,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Synthetic public locations + product: Managed cluster nodes cves: cve-2021-4104: investigated: false @@ -9853,10 +10895,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9869,12 +10912,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + notes: Please see Dynatrace Communication for details references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Synthetic Private ActiveGate + product: OneAgent cves: cve-2021-4104: investigated: false @@ -9882,10 +10925,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9898,12 +10942,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: ActiveGate + product: SAAS cves: cve-2021-4104: investigated: false @@ -9911,9 +10955,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -9932,7 +10977,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: OneAgent + product: Synthetic Private ActiveGate cves: cve-2021-4104: investigated: false @@ -9940,9 +10985,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -9956,12 +11002,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + notes: Please see Dynatrace Communication for details references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Dynatrace Extensions + product: Synthetic public locations cves: cve-2021-4104: investigated: false @@ -9969,9 +11015,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -9985,7 +11032,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index abf2a20..8d9568c 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: EasyRedmine - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -32,9 +32,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Eaton - product: Undisclosed + product: All cves: cve-2021-4104: investigated: false @@ -42,9 +42,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Undisclosed + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59,14 +58,13 @@ software: unaffected_versions: [] vendor_links: - https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf - notes: Doesn't openly disclose what products are affected or not for quote 'security - purposes'. Needs email registration. No workaround provided due to registration - wall. + notes: For security purposes direct notifications are being made to impacted customers. Please + stay tuned for more updates. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: EclecticIQ - product: '' + product: TIP cves: cve-2021-4104: investigated: false @@ -74,8 +72,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 2.11 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90,12 +89,15 @@ software: unaffected_versions: [] vendor_links: - https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2 - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. The Threat Intel Platform includes Neo4j 3.5.12 (not vulnerable) and Elasticsearch + and Logstash OSS 7.9.1 (vulnerable) see Elasticsearch below for mitigation. + See link in their own fix for Logstash (Support account needed, ongoing investigation) references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Eclipse Foundation - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -122,9 +124,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Edwards - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -132,10 +134,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -153,7 +156,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: EFI - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -180,9 +183,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: EGroupware - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: eG Innovations + product: eG Enterprise cves: cve-2021-4104: investigated: false @@ -190,10 +193,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 7.1.8 - 7.1.9 cve-2021-45046: investigated: false affected_versions: [] @@ -205,13 +209,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430 + - https://www.eginnovations.com/brochures/eGEnterprise-and-Log4jShell-Vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Elastic - product: APM Java Agent + last_updated: '2022-01-06T00:00:00' + - vendor: EGroupware + product: All cves: cve-2021-4104: investigated: false @@ -234,13 +238,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Elastic - product: APM Server + product: APM Java Agent cves: cve-2021-4104: investigated: false @@ -248,9 +252,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.17.0 - 1.28.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -264,12 +269,12 @@ software: unaffected_versions: [] vendor_links: - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 - notes: '' + notes: Only vulnerable with specific configuration. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Beats + product: APM Server cves: cve-2021-4104: investigated: false @@ -277,10 +282,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -298,7 +304,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Cmd + product: Beats cves: cve-2021-4104: investigated: false @@ -306,10 +312,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -327,7 +334,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Agent + product: Cmd cves: cve-2021-4104: investigated: false @@ -335,10 +342,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -356,7 +364,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud Enterprise + product: Elastic Agent cves: cve-2021-4104: investigated: false @@ -364,10 +372,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -385,7 +394,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud Enterprise + product: Elastic Cloud cves: cve-2021-4104: investigated: false @@ -393,10 +402,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -414,7 +424,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud on Kubernetes + product: Elastic Cloud Enterprise cves: cve-2021-4104: investigated: false @@ -422,10 +432,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -443,7 +454,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud + product: Elastic Cloud on Kubernetes cves: cve-2021-4104: investigated: false @@ -451,10 +462,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -480,10 +492,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -509,10 +522,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -539,11 +553,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '5' - - '6' - - '8' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 7.16.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -570,10 +582,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -599,10 +612,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -628,10 +642,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -657,10 +672,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -687,10 +703,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <6.8.21 - - <7.16.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 6.8.22 unaffected_versions: [] cve-2021-45046: investigated: false @@ -717,10 +732,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -746,10 +762,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -766,8 +783,8 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: ElasticSearch - product: all products + - vendor: Ellucian + product: Admin cves: cve-2021-4104: investigated: false @@ -775,10 +792,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -789,11 +807,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: Ellucian product: Banner Analytics cves: @@ -803,8 +822,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -824,7 +844,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Colleague + product: Banner Document Management (includes Banner Document Retention) cves: cve-2021-4104: investigated: false @@ -832,10 +852,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -848,12 +869,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: On-prem and cloud deployements expect fixed 12/18/2021 + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Admin + product: Banner Event Publisher cves: cve-2021-4104: investigated: false @@ -861,10 +882,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -882,7 +904,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Enterprise Identity Services(BEIS) + product: Banner Integration for eLearning cves: cve-2021-4104: investigated: false @@ -890,10 +912,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -911,7 +934,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Integration for eLearning + product: Banner Integration for eProcurement cves: cve-2021-4104: investigated: false @@ -919,10 +942,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -940,7 +964,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Integration for eProcurement + product: Banner Self Service cves: cve-2021-4104: investigated: false @@ -948,10 +972,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -977,10 +1002,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -998,7 +1024,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Document Management (includes Banner Document Retention) + product: Colleague cves: cve-2021-4104: investigated: false @@ -1006,8 +1032,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1022,12 +1049,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + notes: On-prem and cloud deployements expect fixed 12/18/2021 references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Advance Web Connector + product: Colleague Analytics cves: cve-2021-4104: investigated: false @@ -1035,10 +1062,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1056,7 +1084,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian eTranscripts + product: CRM Advance cves: cve-2021-4104: investigated: false @@ -1064,10 +1092,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1085,7 +1114,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Mobile + product: CRM Advise cves: cve-2021-4104: investigated: false @@ -1093,10 +1122,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1114,7 +1144,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Solution Manager + product: CRM Recruit cves: cve-2021-4104: investigated: false @@ -1122,10 +1152,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1143,7 +1174,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Event Publisher + product: Ellucian Advance Web Connector cves: cve-2021-4104: investigated: false @@ -1151,10 +1182,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1172,7 +1204,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Self Service + product: Ellucian Data Access cves: cve-2021-4104: investigated: false @@ -1180,10 +1212,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1201,7 +1234,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Colleague Analytics + product: Ellucian Design Path cves: cve-2021-4104: investigated: false @@ -1209,10 +1242,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1230,7 +1264,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Advance + product: Ellucian ePrint cves: cve-2021-4104: investigated: false @@ -1238,10 +1272,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1259,7 +1294,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Advise + product: Ellucian Ethos API & API Management Center cves: cve-2021-4104: investigated: false @@ -1267,10 +1302,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1288,7 +1324,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Recruit + product: Ellucian Ethos Extend cves: cve-2021-4104: investigated: false @@ -1296,10 +1332,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1317,7 +1354,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Data Access + product: Ellucian Ethos Integration cves: cve-2021-4104: investigated: false @@ -1325,10 +1362,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1346,7 +1384,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Design Path + product: Ellucian eTranscripts cves: cve-2021-4104: investigated: false @@ -1354,10 +1392,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1375,7 +1414,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian ePrint + product: Ellucian Experience cves: cve-2021-4104: investigated: false @@ -1383,10 +1422,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1404,7 +1444,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos API & API Management Center + product: Ellucian Intelligent Platform (ILP) cves: cve-2021-4104: investigated: false @@ -1412,10 +1452,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1433,7 +1474,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos Extend + product: Ellucian International Student and Scholar Management (ISSM) cves: cve-2021-4104: investigated: false @@ -1441,10 +1482,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1462,7 +1504,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos Integration + product: Ellucian Message Service (EMS) cves: cve-2021-4104: investigated: false @@ -1470,10 +1512,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1491,7 +1534,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Experience + product: Ellucian Messaging Adapter (EMA) cves: cve-2021-4104: investigated: false @@ -1499,10 +1542,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1520,7 +1564,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Intelligent Platform (ILP) + product: Ellucian Mobile cves: cve-2021-4104: investigated: false @@ -1528,10 +1572,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1549,7 +1594,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian International Student and Scholar Management (ISSM) + product: Ellucian Payment Gateway cves: cve-2021-4104: investigated: false @@ -1557,10 +1602,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1578,7 +1624,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Message Service (EMS) + product: Ellucian Portal cves: cve-2021-4104: investigated: false @@ -1586,10 +1632,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1607,7 +1654,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Messaging Adapter (EMA) + product: Ellucian PowerCampus cves: cve-2021-4104: investigated: false @@ -1615,10 +1662,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1636,7 +1684,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Payment Gateway + product: Ellucian Solution Manager cves: cve-2021-4104: investigated: false @@ -1644,10 +1692,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1665,7 +1714,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ellucian Portal + product: Ellucian Workflow cves: cve-2021-4104: investigated: false @@ -1673,10 +1722,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1694,7 +1744,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Workflow + product: Enterprise Identity Services (BEIS) cves: cve-2021-4104: investigated: false @@ -1702,10 +1752,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1722,8 +1773,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian PowerCampus + - vendor: Emerson + product: 148 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -1731,10 +1782,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1746,13 +1798,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: K-Series Coriolis Transmitters + product: 2051 Pressure Transmitter Family cves: cve-2021-4104: investigated: false @@ -1760,10 +1812,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1781,7 +1834,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: 2088 Pressure Transmitter Family cves: cve-2021-4104: investigated: false @@ -1789,10 +1842,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1810,7 +1864,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: 2090F/2090P Pressure Transmitters cves: cve-2021-4104: investigated: false @@ -1818,10 +1872,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1839,7 +1894,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4732 Endeavor + product: 215 Pressure Sensor Module cves: cve-2021-4104: investigated: false @@ -1847,10 +1902,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1868,7 +1924,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Vortex and Magmeter Transmitters + product: 248 Configuration Application cves: cve-2021-4104: investigated: false @@ -1876,10 +1932,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1897,7 +1954,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + product: 248 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -1905,10 +1962,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1926,7 +1984,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Mark III Gas and Liquid USM + product: 3051 & 3051S Pressure transmitter families cves: cve-2021-4104: investigated: false @@ -1934,10 +1992,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1955,7 +2014,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + product: 3144P Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -1963,10 +2022,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1984,7 +2044,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: 326P Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -1992,10 +2052,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2013,7 +2074,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: DHNC1 DHNC2 + product: 326T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2021,10 +2082,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2042,7 +2104,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: WCM SWGM + product: 327T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2050,10 +2112,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2071,7 +2134,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Fieldwatch and Service consoles + product: 4088 Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2079,10 +2142,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2100,7 +2164,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 5726 Transmitter + product: 4088 Upgrade Utility cves: cve-2021-4104: investigated: false @@ -2108,10 +2172,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2129,7 +2194,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: 4600 Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2137,10 +2202,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2158,7 +2224,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + product: 4732 Endeavor cves: cve-2021-4104: investigated: false @@ -2166,10 +2232,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2187,7 +2254,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + product: 550 PT Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2195,10 +2262,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2216,9 +2284,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + product: 5726 Transmitter cves: cve-2021-4104: investigated: false @@ -2226,10 +2292,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2247,7 +2314,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: K-Series Coriolis Transmitters + product: 644 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2255,10 +2322,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2276,7 +2344,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: 648 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2284,10 +2352,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2305,7 +2374,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: 848T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2313,10 +2382,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2334,7 +2404,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4732 Endeavor + product: Combustion - OCX OXT 6888 CX1100 6888Xi cves: cve-2021-4104: investigated: false @@ -2342,10 +2412,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2363,7 +2434,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Vortex and Magmeter Transmitters + product: CT2211 QCL Aerosol Microleak Detection System cves: cve-2021-4104: investigated: false @@ -2371,10 +2442,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2392,7 +2464,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + product: CT3000 QCL Automotive OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2400,10 +2472,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2421,7 +2494,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Mark III Gas and Liquid USM + product: CT4000 QCL Marine OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2429,10 +2502,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2450,7 +2524,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + product: CT4215 QCL Packaging Leak Detection System cves: cve-2021-4104: investigated: false @@ -2458,10 +2532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2479,7 +2554,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: CT4400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2487,10 +2562,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2508,7 +2584,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: DHNC1 DHNC2 + product: CT4404 QCL pMDI Leak Detection Analyzer cves: cve-2021-4104: investigated: false @@ -2516,10 +2592,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2537,7 +2614,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: WCM SWGM + product: CT5100 QCL Field Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2545,10 +2622,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2566,7 +2644,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Fieldwatch and Service consoles + product: CT5400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2574,10 +2652,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2595,7 +2674,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 5726 Transmitter + product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2603,10 +2682,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2624,7 +2704,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -2632,10 +2712,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2653,7 +2734,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -2661,10 +2742,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2682,7 +2764,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + product: Emerson Aperio software cves: cve-2021-4104: investigated: false @@ -2690,10 +2772,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2711,9 +2794,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + product: Engineering Assistant cves: cve-2021-4104: investigated: false @@ -2721,10 +2802,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 5.x + - 6.x cve-2021-45046: investigated: false affected_versions: [] @@ -2742,7 +2825,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Incus Ultrasonic gas leak detector + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -2750,10 +2833,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2771,8 +2855,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared - Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -2780,10 +2863,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2801,7 +2885,8 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Liquid Transmitters: 5081 1066 1056 1057 56' + product: Flame Detection - 975UF & 975UR Infrared Flame Detectors 975HR Infrared + Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector cves: cve-2021-4104: investigated: false @@ -2809,10 +2894,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2830,7 +2916,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -2838,10 +2924,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2859,7 +2946,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Spectrex family Flame Detectors and Rosemount 975 flame detector + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -2867,10 +2954,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2888,7 +2976,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4400 QCL General Purpose Continuous Gas Analyzer + product: Gas Analysis - X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) cves: cve-2021-4104: investigated: false @@ -2896,10 +2984,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2917,7 +3006,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5400 QCL General Purpose Continuous Gas Analyzer + product: Gas Chromatographs - M500/2350A MON2000 700XA/1500XA 370XA MON2020 cves: cve-2021-4104: investigated: false @@ -2925,10 +3014,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2946,7 +3036,9 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5100 QCL Field Housing Continuous Gas Analyzer + product: Gas Detection - Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor cves: cve-2021-4104: investigated: false @@ -2954,10 +3046,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2975,7 +3068,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer + product: Incus Ultrasonic gas leak detector cves: cve-2021-4104: investigated: false @@ -2983,10 +3076,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3004,7 +3098,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4215 QCL Packaging Leak Detection System + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false @@ -3012,10 +3106,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3033,7 +3128,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT2211 QCL Aerosol Microleak Detection System + product: Liquid Transmitters - 5081 1066 1056 1057 56' cves: cve-2021-4104: investigated: false @@ -3041,10 +3136,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3062,7 +3158,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4404 QCL pMDI Leak Detection Analyzer + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -3070,10 +3166,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3091,7 +3188,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4000 QCL Marine OEM Gas Analyzer + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -3099,10 +3196,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3120,7 +3218,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT3000 QCL Automotive OEM Gas Analyzer + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -3128,10 +3226,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3149,7 +3248,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 3051 & 3051S Pressure transmitter families + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false @@ -3157,10 +3256,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3178,7 +3278,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 2051 Pressure Transmitter Family + product: Prolink Mobile Application & ProcessViz Software cves: cve-2021-4104: investigated: false @@ -3186,10 +3286,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3207,7 +3308,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4088 Pressure Transmitter + product: Rosemount 2230 Graphical Field Display cves: cve-2021-4104: investigated: false @@ -3215,10 +3316,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3236,7 +3338,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 2088 Pressure Transmitter Family + product: Rosemount 2240S Multi-input Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -3244,10 +3346,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3265,7 +3368,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 2090F/2090P Pressure Transmitters + product: Rosemount 2410 Tank Hub cves: cve-2021-4104: investigated: false @@ -3273,10 +3376,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3294,7 +3398,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4600 Pressure Transmitter + product: Rosemount 2460 System Hub cves: cve-2021-4104: investigated: false @@ -3302,10 +3406,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3323,7 +3428,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 215 Pressure Sensor Module + product: Rosemount 3490 Controller cves: cve-2021-4104: investigated: false @@ -3331,10 +3436,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3352,7 +3458,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 550 PT Pressure Transmitter + product: Rosemount CMS/IOU 61 cves: cve-2021-4104: investigated: false @@ -3360,10 +3466,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3381,7 +3488,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 326P Pressure Transmitter + product: Rosemount CMS/SCU 51/SCC cves: cve-2021-4104: investigated: false @@ -3389,10 +3496,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3410,7 +3518,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 3144P Temperature Transmitter + product: Rosemount CMS/WSU 51/SWF 51 cves: cve-2021-4104: investigated: false @@ -3418,10 +3526,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3439,7 +3548,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 644 Temperature Transmitter + product: Rosemount IO-Link Assistant cves: cve-2021-4104: investigated: false @@ -3447,10 +3556,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3468,7 +3578,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 848T Temperature Transmitter + product: Rosemount Level Detectors (21xx) cves: cve-2021-4104: investigated: false @@ -3476,10 +3586,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3497,7 +3608,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 148 Temperature Transmitter + product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) cves: cve-2021-4104: investigated: false @@ -3505,10 +3616,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3526,7 +3638,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 248 Temperature Transmitter + product: Rosemount Radar Configuration Tool cves: cve-2021-4104: investigated: false @@ -3534,10 +3646,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3555,7 +3668,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 326T Temperature Transmitter + product: Rosemount Radar Level Gauges (Pro 39xx 59xx) cves: cve-2021-4104: investigated: false @@ -3563,10 +3676,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3584,7 +3698,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 327T Temperature Transmitter + product: Rosemount RadarMaster cves: cve-2021-4104: investigated: false @@ -3592,10 +3706,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3613,7 +3728,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 648 Temperature Transmitter + product: Rosemount RadarMaster Plus cves: cve-2021-4104: investigated: false @@ -3621,10 +3736,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3642,7 +3758,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4088 Upgrade Utility + product: Rosemount Tank Radar Gauges (TGUxx) cves: cve-2021-4104: investigated: false @@ -3650,10 +3766,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3671,7 +3788,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Engineering Assistant 5.x & 6.x + product: Rosemount TankMaster cves: cve-2021-4104: investigated: false @@ -3679,10 +3796,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3700,7 +3818,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 248 Configuration Application + product: Rosemount TankMaster Mobile cves: cve-2021-4104: investigated: false @@ -3708,10 +3826,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3729,7 +3848,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount IO-Link Assistant + product: Spectrex family Flame Detectors and Rosemount 975 flame detector cves: cve-2021-4104: investigated: false @@ -3737,10 +3856,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3758,7 +3878,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount TankMaster and TankMaster Mobile + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -3766,10 +3886,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3787,7 +3908,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount RadarMaster and RadarMaster Plus + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -3795,10 +3916,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3816,7 +3938,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Radar Configuration Tool + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -3824,10 +3946,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3845,7 +3968,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2460 System Hub + product: WCM SWGM cves: cve-2021-4104: investigated: false @@ -3853,10 +3976,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3873,8 +3997,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount 2410 Tank Hub + - vendor: Enfocus + product: BoardingPass cves: cve-2021-4104: investigated: false @@ -3882,10 +4006,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -3897,13 +4022,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount 3490 Controller + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: Connect cves: cve-2021-4104: investigated: false @@ -3911,10 +4036,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -3926,13 +4052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount 2230 Graphical Field Display + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: PDF Review Module cves: cve-2021-4104: investigated: false @@ -3940,10 +4066,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -3955,13 +4082,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount 2240S Multi-input Temperature Transmitter + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: PitStop cves: cve-2021-4104: investigated: false @@ -3969,10 +4096,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -3984,13 +4112,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount CMS/SCU 51/SCC + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: Switch cves: cve-2021-4104: investigated: false @@ -3998,10 +4126,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4013,13 +4142,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount CMS/WSU 51/SWF 51 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enovation + product: All cves: cve-2021-4104: investigated: false @@ -4042,13 +4171,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://enovationgroup.com/nl/nieuws/log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount CMS/IOU 61 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: EnterpriseDT + product: All cves: cve-2021-4104: investigated: false @@ -4071,13 +4200,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ESET + product: All cves: cve-2021-4104: investigated: false @@ -4085,10 +4214,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4100,13 +4230,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Radar Level Gauges (Pro 39xx 59xx) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ESET + product: Secure Authentication cves: cve-2021-4104: investigated: false @@ -4114,9 +4244,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4129,13 +4260,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Tank Radar Gauges (TGUxx) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ESRI + product: ArcGIS Data Store cves: cve-2021-4104: investigated: false @@ -4143,9 +4274,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -4158,13 +4290,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Level Detectors (21xx) + - vendor: ESRI + product: ArcGIS Enterprise cves: cve-2021-4104: investigated: false @@ -4172,9 +4305,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -4187,13 +4321,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Emerson Aperio software + - vendor: ESRI + product: ArcGIS GeoEvent Server cves: cve-2021-4104: investigated: false @@ -4201,9 +4336,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -4216,13 +4352,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: EnterpriseDT - product: '' + - vendor: ESRI + product: ArcGIS Server cves: cve-2021-4104: investigated: false @@ -4230,9 +4367,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -4245,13 +4383,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/ - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: ESET - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS Workflow Manager Server cves: cve-2021-4104: investigated: false @@ -4259,9 +4398,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -4274,13 +4414,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: ESRI - product: ArcGIS Data Store + product: Portal for ArcGIS cves: cve-2021-4104: investigated: false @@ -4310,8 +4451,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Enterprise + - vendor: Estos + product: All cves: cve-2021-4104: investigated: false @@ -4321,9 +4462,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4335,14 +4476,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS GeoEvent Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: EVL Labs + product: JGAAP cves: cve-2021-4104: investigated: false @@ -4353,7 +4493,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - <8.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -4366,14 +4506,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://github.com/evllabs/JGAAP/releases/tag/v8.0.2 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Evolveum Midpoint + product: Midpoint cves: cve-2021-4104: investigated: false @@ -4383,9 +4522,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4397,14 +4536,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://evolveum.com/midpoint-not-vulnerable-to-log4shell/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Workflow Manager Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ewon + product: All cves: cve-2021-4104: investigated: false @@ -4414,8 +4552,7 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -4428,14 +4565,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: Portal for ArcGIS + last_updated: '2022-02-02T07:18:50+00:00' + - vendor: Ewon + product: eCatcher cves: cve-2021-4104: investigated: false @@ -4446,7 +4582,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - 6.7.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -4459,14 +4595,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Estos - product: '' + last_updated: '2022-02-02T07:18:50+00:00' + - vendor: Exabeam + product: All cves: cve-2021-4104: investigated: false @@ -4489,13 +4624,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen - notes: '' + - https://community.exabeam.com/s/discussions?t=1639379479381 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Evolveum Midpoint - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: AEC cves: cve-2021-4104: investigated: false @@ -4503,10 +4639,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4518,13 +4655,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://evolveum.com/midpoint-not-vulnerable-to-log4shell/ + - https://www.exact.com/news/general-statement-apache-leak notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Ewon - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Audition cves: cve-2021-4104: investigated: false @@ -4532,10 +4669,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: BoekhoudGemak + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4547,13 +4715,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42 + - https://www.exact.com/news/general-statement-apache-leak notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Exabeam - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Bouw7 cves: cve-2021-4104: investigated: false @@ -4561,10 +4729,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Business Suite + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4576,14 +4775,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exabeam.com/s/discussions?t=1639379479381 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.exact.com/news/general-statement-apache-leak + notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exact - product: '' + product: CommunicatieGemak cves: cve-2021-4104: investigated: false @@ -4591,10 +4789,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Consolidation powered by LucaNet + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4610,9 +4839,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Exivity - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Digipoort cves: cve-2021-4104: investigated: false @@ -4620,10 +4849,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: DigitaleFactuur + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4635,13 +4895,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228 + - https://www.exact.com/news/general-statement-apache-leak notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: ExtraHop - product: Reveal(x) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Dimoni cves: cve-2021-4104: investigated: false @@ -4650,12 +4910,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <=8.4.6 - - <=8.5.3 - - <=8.6.4 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4667,13 +4925,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148 - notes: Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. + - https://www.exact.com/news/general-statement-apache-leak + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: eXtreme Hosting - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: EDI Gateway cves: cve-2021-4104: investigated: false @@ -4681,10 +4939,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: FDS + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4696,13 +4985,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://extremehosting.nl/log4shell-log4j/ + - https://www.exact.com/news/general-statement-apache-leak notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Extreme Networks - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Financials cves: cve-2021-4104: investigated: false @@ -4710,10 +4999,1814 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: FiscaalGemak + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Globe Core Product + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Globe E-report/Crystal Reports + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Go2UBL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Gripp + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: HR & SalarisGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Insights (Qlik) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Officient + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Online All core products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Online Elastic Search + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Online Samenwerken (OSW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Payroll Plus (Loket) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: ProAcc + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: ProQuro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: RapportageGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Reeleezee + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: ScanSys + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: SRXP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Synergy Core Product + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Synergy Elastic Search + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 6.6.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: WerkprogrammaGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Winbooks + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: WMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exivity + product: On-Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extensis + product: Universal Type Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=7.0.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.extensis.com/hc/en-us/articles/4412767414299-Universal-Type-Server-7-and-Log4j-vulnerabilities + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ExtraHop + product: Reveal(x) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <=8.4.6 + - <=8.5.3 + - <=8.6.4 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148 + notes: Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: eXtreme Hosting + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremehosting.nl/log4shell-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: 200-series + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: BOSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: EXOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme AirDefense + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Campus Controller (Extreme Cloud Appliance) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Fabric Automation (EFA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Management Center (XMC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Visibility Manager (XVM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeAnalytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeCloud A3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeCloud IQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeConnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeControl + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeGuest + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeLocation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeWireless (IdentiFi) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Fabric Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Guest and IoT Manager (GIM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: HiveManager Classic On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: HiveManager Classic Online + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Ipanema Ip | Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Ipanema SALSA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 9.3.8 + - 9.4.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Ipanema SD-WAN Orchestrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: IQEngine (HiveOS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: IQVA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 21.1.22.1-IQVA + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: NetIron OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Network OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: NSight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: SLX-OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Traffic Sensor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: VGVA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: VOSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: WiNG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4729,9 +6822,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Extron - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4758,5 +6851,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index 5abf36e..37e960c 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -13,9 +13,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -32,7 +33,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Endpoint Proxy cves: @@ -43,9 +44,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -62,7 +63,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Messaging Security Gateway cves: @@ -72,9 +73,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -91,7 +93,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Policy Manager cves: @@ -102,9 +104,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -121,7 +123,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Policy Manager Proxy cves: @@ -132,9 +134,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -151,7 +153,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: BIG-IP (all modules) cves: @@ -181,7 +183,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: BIG-IQ Centralized Management cves: @@ -195,7 +197,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 7.x-8.x + - 7.x - 8.x cve-2021-45046: investigated: false affected_versions: [] @@ -211,7 +213,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: F5OS cves: @@ -241,9 +243,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: Traffix SDC + product: NGINX App Protect cves: cve-2021-4104: investigated: false @@ -252,11 +254,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 5.x (5.2.0 CF1 - - 5.1.0 CF-30 - 5.1.0 CF-33) + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.x cve-2021-45046: investigated: false affected_versions: [] @@ -269,13 +270,12 @@ software: unaffected_versions: [] vendor_links: - https://support.f5.com/csp/article/K19026212 - notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + - Kibana), Element Management System' + notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX Plus + product: NGINX Controller cves: cve-2021-4104: investigated: false @@ -287,7 +287,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - R19 - R25 + - 3.x cve-2021-45046: investigated: false affected_versions: [] @@ -303,9 +303,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX Open Source + product: NGINX Ingress Controller cves: cve-2021-4104: investigated: false @@ -317,7 +317,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x + - 1.x - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -333,9 +333,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX Unit + product: NGINX Instance Manager cves: cve-2021-4104: investigated: false @@ -363,9 +363,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX App Protect + product: NGINX Open Source cves: cve-2021-4104: investigated: false @@ -377,7 +377,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.x + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -393,9 +393,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX Controller + product: NGINX Plus cves: cve-2021-4104: investigated: false @@ -407,7 +407,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.x + - R19 - R25 cve-2021-45046: investigated: false affected_versions: [] @@ -423,9 +423,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX Ingress Controller + product: NGINX Service Mesh cves: cve-2021-4104: investigated: false @@ -437,7 +437,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x - 2.x + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -453,9 +453,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX Instance Manager + product: NGINX Unit cves: cve-2021-4104: investigated: false @@ -483,9 +483,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX Service Mesh + product: Traffix SDC cves: cve-2021-4104: investigated: false @@ -494,10 +494,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 5.x + - 5.2.0 CF1 + - 5.1.0 CF-30 - 5.1.0 CF-33 fixed_versions: [] - unaffected_versions: - - 1.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -510,12 +512,13 @@ software: unaffected_versions: [] vendor_links: - https://support.f5.com/csp/article/K19026212 - notes: '' + notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + + Kibana), Element Management System' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FAST LTA - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -542,9 +545,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fastly - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -571,7 +574,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FedEx product: Ship Manager Software cves: @@ -583,7 +586,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - Unknown + - 340x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -598,19 +601,19 @@ software: unaffected_versions: [] vendor_links: - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 - notes: 'Note: FedEx is aware of the issue related to the Log4j Remote Code Execution + notes: Note - FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check - FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative.' + FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Fiix - product: Fiix CMMS Core + - vendor: FedEx + product: Ship Manager Software cves: cve-2021-4104: investigated: false @@ -618,10 +621,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: - - v5 + - '3509' unaffected_versions: [] cve-2021-45046: investigated: false @@ -634,14 +637,20 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: The product has been updated to Log4j version 2.15. An additional patch - is being developed to update to 2.16. No user interaction is required. + - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 + notes: Note - FedEx is aware of the issue related to the Log4j Remote Code Execution + vulnerability affecting various Apache products. We are actively assessing the + situation and taking necessary action as appropriate. As a result, we are temporarily + unable to provide a link to download the FedEx Ship Manager software or generate + product keys needed for registration of FedEx Ship Manager software. We are + working to have this resolved as quickly as possible and apologize for the inconvenience. + For related questions or the most updated information, customers should check + FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: FileCap - product: '' + - vendor: Fiix + product: Fiix CMMS Core cves: cve-2021-4104: investigated: false @@ -649,9 +658,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -664,13 +674,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mailchi.mp/3f82266e0717/filecap-update-version-511 - notes: '' + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: The product has been updated to Log4j version 2.15. An additional patch + is being developed to update to 2.16. No user interaction is required. This + advisory is available to customer only and has not been reviewed by CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FileCatalyst - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: FileCap + product: Plugins cves: cve-2021-4104: investigated: false @@ -678,10 +690,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -693,13 +706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability + - https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FileCloud - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileCap + product: Server cves: cve-2021-4104: investigated: false @@ -707,9 +720,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.1.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -722,13 +736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers + - https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FileWave - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileCatalyst + product: All cves: cve-2021-4104: investigated: false @@ -751,13 +765,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228 + - https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FINVI - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileCloud + product: All cves: cve-2021-4104: investigated: false @@ -780,13 +794,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://finvi.com/support/ + - https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FireDaemon - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileWave + product: All cves: cve-2021-4104: investigated: false @@ -809,13 +823,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.firedaemon.com/support/solutions/articles/4000178630 + - https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fisher & Paykel Healthcare - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileZilla + product: All cves: cve-2021-4104: investigated: false @@ -823,10 +837,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -838,13 +853,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fphcare.com/us/our-company/contact-us/product-security/ + - https://forum.filezilla-project.org/viewtopic.php?f=6&t=54338 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Flexagon - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FINVI + product: All cves: cve-2021-4104: investigated: false @@ -867,13 +882,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/ + - https://finvi.com/support/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Flexera - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FireDaemon + product: All cves: cve-2021-4104: investigated: false @@ -896,13 +911,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934 + - https://kb.firedaemon.com/support/solutions/articles/4000178630 notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Forcepoint - product: DLP Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fisher & Paykel Healthcare + product: All cves: cve-2021-4104: investigated: false @@ -910,10 +925,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -925,13 +941,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.fphcare.com/us/our-company/contact-us/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Forcepoint - product: Forcepoint Cloud Security Gateway (CSG) + last_updated: '2021-12-21T00:00:00' + - vendor: Flexagon + product: All cves: cve-2021-4104: investigated: false @@ -954,13 +970,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Forcepoint - product: Next Generation Firewall (NGFW) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Flexera + product: All cves: cve-2021-4104: investigated: false @@ -983,14 +999,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934 notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service - and Sidewinder + product: Advanced Malware Detection cves: cve-2021-4104: investigated: false @@ -998,10 +1013,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1014,12 +1030,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: One Endpoint + product: Behavioral Analytics cves: cve-2021-4104: investigated: false @@ -1043,12 +1060,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: Security Manager (Web, Email and DLP) + product: Bitglass SSE cves: cve-2021-4104: investigated: false @@ -1056,10 +1074,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1072,12 +1091,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Forescout - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: CASB cves: cve-2021-4104: investigated: false @@ -1100,13 +1120,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: ForgeRock - product: Autonomous Identity + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Cloud Security Gateway (CSG) cves: cve-2021-4104: investigated: false @@ -1114,10 +1135,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1129,13 +1151,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa - notes: all other ForgeRock products Not vulnerable + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiAIOps + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Content Gateway cves: cve-2021-4104: investigated: false @@ -1143,10 +1166,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1158,13 +1182,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiAnalyzer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: DDP/DUP/DPS cves: cve-2021-4104: investigated: false @@ -1187,13 +1212,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiAnalyzer Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Directory Synchronization cves: cve-2021-4104: investigated: false @@ -1201,10 +1227,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1216,13 +1243,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiAP + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: DLP Manager cves: cve-2021-4104: investigated: false @@ -1230,9 +1258,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1245,13 +1274,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiAuthenticator + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Email Security cves: cve-2021-4104: investigated: false @@ -1259,10 +1289,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1274,13 +1305,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiCASB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Insider Threat cves: cve-2021-4104: investigated: false @@ -1288,10 +1320,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1303,13 +1336,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiConvertor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Next Generation Firewall (NGFW) cves: cve-2021-4104: investigated: false @@ -1317,10 +1351,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1332,13 +1367,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiDeceptor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: NGFW Security Management Center cves: cve-2021-4104: investigated: false @@ -1346,9 +1382,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1361,13 +1398,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiEDR Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: NGFW Virtual SMC Appliances cves: cve-2021-4104: investigated: false @@ -1375,10 +1413,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: NGFW VPN Client + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1390,13 +1460,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiEDR Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: One Endpoint cves: cve-2021-4104: investigated: false @@ -1404,10 +1475,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Security Manager (Web, Email and DLP) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1419,13 +1522,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiGate Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Sidewinder cves: cve-2021-4104: investigated: false @@ -1433,10 +1537,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: User ID service + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1448,13 +1584,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiGSLB Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Web Security cves: cve-2021-4104: investigated: false @@ -1477,13 +1614,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiMail + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forescout + product: All cves: cve-2021-4104: investigated: false @@ -1506,13 +1644,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fortinet - product: FortiManager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ForgeRock + product: Autonomous Identity cves: cve-2021-4104: investigated: false @@ -1520,10 +1658,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa + notes: All other ForgeRock products not affected. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: Autonomous Identity + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1539,9 +1708,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiManager Cloud + product: FortiADC cves: cve-2021-4104: investigated: false @@ -1549,10 +1718,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1568,9 +1738,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiNAC + product: FortiAI cves: cve-2021-4104: investigated: false @@ -1578,10 +1748,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1597,9 +1768,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiNAC + product: FortiAIOps cves: cve-2021-4104: investigated: false @@ -1607,9 +1778,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1626,9 +1798,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiOS (includes FortiGate & FortiWiFi) + product: FortiAnalyzer cves: cve-2021-4104: investigated: false @@ -1636,10 +1808,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1655,9 +1828,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPhish Cloud + product: FortiAnalyzer Big Cloud cves: cve-2021-4104: investigated: false @@ -1665,9 +1838,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 6.4.7 + - 7.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1684,9 +1859,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPolicy + product: FortiAnalyzer Cloud cves: cve-2021-4104: investigated: false @@ -1694,10 +1869,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1713,9 +1889,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPortal + product: FortiAP cves: cve-2021-4104: investigated: false @@ -1723,10 +1899,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1742,9 +1919,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiRecorder + product: FortiAuthenticator cves: cve-2021-4104: investigated: false @@ -1752,10 +1929,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1771,9 +1949,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSIEM + product: FortiCache cves: cve-2021-4104: investigated: false @@ -1781,10 +1959,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1800,9 +1979,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSOAR + product: FortiCarrier cves: cve-2021-4104: investigated: false @@ -1810,10 +1989,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1829,9 +2009,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSwicth Cloud in FortiLANCloud + product: FortiCASB cves: cve-2021-4104: investigated: false @@ -1839,9 +2019,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1858,9 +2039,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSwitch & FortiSwitchManager + product: FortiClient cves: cve-2021-4104: investigated: false @@ -1868,10 +2049,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1887,9 +2069,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiToken Cloud + product: FortiClient Cloud cves: cve-2021-4104: investigated: false @@ -1897,10 +2079,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1916,9 +2099,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiVoice + product: FortiClient EMS cves: cve-2021-4104: investigated: false @@ -1926,10 +2109,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1945,9 +2129,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiWeb Cloud + product: FortiConnect cves: cve-2021-4104: investigated: false @@ -1955,10 +2139,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1974,9 +2159,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: ShieldX + product: FortiConverter Portal cves: cve-2021-4104: investigated: false @@ -1984,8 +2169,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2003,9 +2189,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: FTAPI - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiCWP cves: cve-2021-4104: investigated: false @@ -2013,9 +2199,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2028,13 +2215,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Fujitsu - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDDoS cves: cve-2021-4104: investigated: false @@ -2042,10 +2229,2651 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDDoS-F + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDeceptor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiEDR Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiEDR Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiExtender Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiGate Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiGSLB Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiInsight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiIsolator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.3.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiLAN Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiMail + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiMonitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiNAC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiOS (includes FortiGate & FortiWiFi) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPenTest + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPhish Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPolicy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPortal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPresence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiProxy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiRecorder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSandbox + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSASE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSIEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSOAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSwitch & FortiSwitchManager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSwitch Cloud in FortiLANCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiTester + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiToken Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiVoice + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWeb Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWLC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: ShieldX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FTAPI + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 3 + - Version 4 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 5 + - Version 6 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fujitsu + product: AIS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: Bean Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BS2000 Hardware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BS2000 Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BX400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BX900 MMB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: eLux RP on FUTRO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS AB/HB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS CS800 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS CS8000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS DX/AF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS JX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS LT140/260 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS LT20/40/60 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS SF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS SF MA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: FlexFrame + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: INTELLIEGDLE A/G + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: iRMC on PRIMERGY + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ISM for PRIMERGY, PQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: NECoP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openFT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openSEAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openUTM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openUTM (WebAdm.) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: PRIMEFLEX for MS S2D + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: PTC Axeda (AIS Con.) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SBAX2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SBAX3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SecDocs + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView IM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView OM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView OM/UM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView RAID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView Rem. Con. + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView VIOM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SOA Pro. Mgmt. Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SOA SysRollout Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS Services for ISM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS UME + LinuxLife + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS VMware Op. Mgr. + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS VMware vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: Web Transactions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2061,9 +4889,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FusionAuth - product: FusionAuth + product: All cves: cve-2021-4104: investigated: false @@ -2091,5 +4919,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index a4fcb96..394687e 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: GE Digital - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35,7 +35,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Digital Grid - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -65,7 +65,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Baseline Security Center (BSC) + product: Asset Performance Management (APM) cves: cve-2021-4104: investigated: false @@ -73,10 +73,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed + in development environment and the team is currently deploying the fixes in + the production environment. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -88,9 +121,9 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power is still validating the workaround provided by FoxGuard in + Technical Information Notice – M1221-S01. references: - '' last_updated: '2021-12-22T00:00:00' @@ -103,10 +136,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that + is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded + from link in reference section. This update is available to customer only and + has not been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Control Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -118,14 +185,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Please see vCenter. Control Server is not directly impacted. It is impacted + through vCenter. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Asset Performance Management (APM) + product: MyFleet cves: cve-2021-4104: investigated: false @@ -133,9 +200,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -148,13 +216,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Control Server + product: OPM Performance Intelligence cves: cve-2021-4104: investigated: false @@ -162,10 +230,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Planning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -177,9 +276,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: The Control Server is Affected via vCenter. There is a fix for vCenter. - Please see below. GE verifying the vCenter fix as proposed by the vendor. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' last_updated: '2021-12-22T00:00:00' @@ -192,9 +290,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -207,11 +306,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the update provided by Vmware. The + update and instructions can be downloaded from link in reference section. This + update is available to customer only and has not been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' + last_updated: '2021-12-22T00:00:00' - vendor: GE Healthcare product: '' cves: @@ -243,7 +374,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Gearset - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -270,9 +401,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Genesys - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -299,9 +430,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GeoServer - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -328,9 +459,68 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Gerrit code review - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoNetwork + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: Gerrit Code Review + product: All cves: cve-2021-4104: investigated: false @@ -357,9 +547,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: GFI - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: All cves: cve-2021-4104: investigated: false @@ -386,9 +576,39 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: Kerio Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ghidra - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -415,7 +635,37 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghisler + product: Total Commander + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ghisler.com/whatsnew.htm + notes: Third Party plugins might contain log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gigamon product: Fabric Manager cves: @@ -425,9 +675,312 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <5.13.01.02 + investigated: true + affected_versions: [] + fixed_versions: + - <5.13.01.02 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.gigamon.com/gigamoncp/s/my-gigamon + notes: Updates available via the Gigamon Support Portal. This advisory available + to customers only and has not been reviewed by CISA. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: GitHub + product: GitHub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - GitHub.com and GitHub Enterprise Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: GitHub + product: GitHub Enterprise Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.0.22 + - 3.1.14 + - 3.2.6 + - 3.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: GitLab + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: DAST Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Dependency Scanning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Gemnasium-Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: PMD OSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: SAST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Spotbugs + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Globus + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -441,14 +994,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.gigamon.com/gigamoncp/s/my-gigamon - notes: Updates available via the Gigamon Support Portal. This advisory available - to customers only and has not been reviewed by CISA. + - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: GitHub - product: GitHub + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GoAnywhere + product: Agents cves: cve-2021-4104: investigated: false @@ -459,7 +1011,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - GitHub.com and GitHub Enterprise Cloud + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -472,13 +1024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: GitLab - product: '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Gateway cves: cve-2021-4104: investigated: false @@ -486,9 +1038,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Version 2.7.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -501,13 +1054,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763 + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Globus - product: '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: MFT cves: cve-2021-4104: investigated: false @@ -515,9 +1068,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Version 5.3.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -530,13 +1084,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: MFT + product: MFT Agents cves: cve-2021-4104: investigated: false @@ -546,7 +1100,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 6.8.6 + - 1.4.2 or later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -561,12 +1115,12 @@ software: unaffected_versions: [] vendor_links: - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps - notes: '' + notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. references: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: Gateway + product: Open PGP Studio cves: cve-2021-4104: investigated: false @@ -575,9 +1129,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.8.4 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -596,7 +1150,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: MFT Agents + product: Suveyor/400 cves: cve-2021-4104: investigated: false @@ -605,10 +1159,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 1.6.5 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -626,7 +1180,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoCD - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -666,7 +1220,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: true affected_versions: [] @@ -679,12 +1234,13 @@ software: unaffected_versions: [] vendor_links: - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html - notes: Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. + notes: Chrome Browser releases, infrastructure and admin console are not using + versions of Log4j affected by the vulnerability. references: - '' last_updated: '2022-01-14' - vendor: Google Cloud - product: AI Platform Data Labeling + product: Access Transparency cves: cve-2021-4104: investigated: false @@ -692,10 +1248,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -714,7 +1271,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: AI Platform Neural Architecture Search (NAS) + product: Actifio cves: cve-2021-4104: investigated: false @@ -722,10 +1279,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -738,13 +1296,15 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and + has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) + for the full statement and to obtain the hotfix (available to Actifio customers + only). references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: AI Platform Training and Prediction + product: AI Platform Data Labeling cves: cve-2021-4104: investigated: false @@ -752,10 +1312,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -774,7 +1335,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Access Transparency + product: AI Platform Neural Architecture Search (NAS) cves: cve-2021-4104: investigated: false @@ -782,10 +1343,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -804,7 +1366,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Actifio + product: AI Platform Training and Prediction cves: cve-2021-4104: investigated: false @@ -812,10 +1374,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -828,10 +1391,8 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and - has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) - for the full statement and to obtain the hotfix (available to Actifio customers - only). + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' @@ -844,10 +1405,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -877,10 +1439,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -907,10 +1470,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -937,10 +1501,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -967,10 +1532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -989,7 +1555,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Anthos Premium Software + product: Anthos on VMWare cves: cve-2021-4104: investigated: false @@ -997,10 +1563,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1014,12 +1581,16 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check + VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds + to their VMware products as they become available. We also recommend customers + review their respective applications and workloads affected by the same vulnerabilities + and apply appropriate patches. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Anthos Service Mesh + product: Anthos Premium Software cves: cve-2021-4104: investigated: false @@ -1027,10 +1598,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1049,7 +1621,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Anthos on VMWare + product: Anthos Service Mesh cves: cve-2021-4104: investigated: false @@ -1057,10 +1629,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1074,11 +1647,7 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check - VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds - to their VMware products as they become available. We also recommend customers - review their respective applications and workloads affected by the same vulnerabilities - and apply appropriate patches. + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' @@ -1091,10 +1660,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1126,10 +1696,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1159,10 +1730,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1192,10 +1764,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1222,10 +1795,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1252,10 +1826,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1282,10 +1857,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1312,10 +1888,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1342,10 +1919,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1372,10 +1950,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1402,10 +1981,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1432,10 +2012,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1462,10 +2043,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1492,10 +2074,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1523,10 +2106,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1553,10 +2137,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1583,10 +2168,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1613,10 +2199,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1643,10 +2230,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1673,10 +2261,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1706,10 +2295,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1736,10 +2326,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1771,10 +2362,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1793,7 +2385,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud DNS + product: Cloud Data Loss Prevention cves: cve-2021-4104: investigated: false @@ -1801,10 +2393,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1821,9 +2414,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Data Loss Prevention + product: Cloud Debugger cves: cve-2021-4104: investigated: false @@ -1831,10 +2424,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1853,7 +2447,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Debugger + product: Cloud Deployment Manager cves: cve-2021-4104: investigated: false @@ -1861,10 +2455,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1883,7 +2478,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Deployment Manager + product: Cloud DNS cves: cve-2021-4104: investigated: false @@ -1891,10 +2486,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1911,7 +2507,7 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud product: Cloud Endpoints cves: @@ -1921,10 +2517,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1951,10 +2548,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1981,10 +2579,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2014,10 +2613,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2036,7 +2636,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Intrusion Detection System (IDS) + product: Cloud Interconnect cves: cve-2021-4104: investigated: false @@ -2044,10 +2644,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2066,7 +2667,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Interconnect + product: Cloud Intrusion Detection System (IDS) cves: cve-2021-4104: investigated: false @@ -2074,10 +2675,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2104,10 +2706,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2134,10 +2737,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2164,10 +2768,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2186,7 +2791,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Network Address Translation (NAT) + product: Cloud Natural Language API cves: cve-2021-4104: investigated: false @@ -2194,10 +2799,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2214,9 +2820,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Natural Language API + product: Cloud Network Address Translation (NAT) cves: cve-2021-4104: investigated: false @@ -2224,10 +2830,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2244,7 +2851,7 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud product: Cloud Profiler cves: @@ -2254,10 +2861,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2284,10 +2892,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2314,10 +2923,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2347,10 +2957,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2372,7 +2983,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud SDK + product: Cloud Scheduler cves: cve-2021-4104: investigated: false @@ -2380,10 +2991,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2402,7 +3014,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud SQL + product: Cloud SDK cves: cve-2021-4104: investigated: false @@ -2410,10 +3022,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2430,9 +3043,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-19T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Scheduler + product: Cloud Shell cves: cve-2021-4104: investigated: false @@ -2440,10 +3053,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2457,12 +3071,15 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Shell environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Shell + product: Cloud Source Repositories cves: cve-2021-4104: investigated: false @@ -2470,10 +3087,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2487,15 +3105,12 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Shell environments to identify components dependent on Log4j 2 and update - them to the latest version. + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Source Repositories + product: Cloud Spanner cves: cve-2021-4104: investigated: false @@ -2503,10 +3118,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2523,9 +3139,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-19T00:00:00' - vendor: Google Cloud - product: Cloud Spanner + product: Cloud SQL cves: cve-2021-4104: investigated: false @@ -2533,10 +3149,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2563,10 +3180,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2593,10 +3211,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2623,10 +3242,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2653,10 +3273,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2683,10 +3304,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2705,7 +3327,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud VPN + product: Cloud Vision cves: cve-2021-4104: investigated: false @@ -2713,10 +3335,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2733,9 +3356,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Vision + product: Cloud Vision OCR On-Prem cves: cve-2021-4104: investigated: false @@ -2743,10 +3366,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2765,7 +3389,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Vision OCR On-Prem + product: Cloud VPN cves: cve-2021-4104: investigated: false @@ -2773,10 +3397,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2793,7 +3418,7 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud product: CompilerWorks cves: @@ -2803,10 +3428,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2833,10 +3459,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2865,10 +3492,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2895,10 +3523,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2925,10 +3554,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2955,10 +3585,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2987,10 +3618,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3020,10 +3652,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3050,10 +3683,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3084,10 +3718,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3116,10 +3751,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3149,10 +3785,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3179,10 +3816,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3209,10 +3847,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3239,10 +3878,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3269,10 +3909,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3299,10 +3940,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3329,10 +3971,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3361,10 +4004,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3391,10 +4035,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3421,10 +4066,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3451,10 +4097,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3481,10 +4128,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3511,10 +4159,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3541,10 +4190,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3574,10 +4224,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3604,10 +4255,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3634,10 +4286,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3664,10 +4317,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3694,10 +4348,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3710,7 +4365,7 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. + notes: Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that @@ -3731,10 +4386,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3761,10 +4417,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3791,10 +4448,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3821,10 +4479,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3854,10 +4513,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3884,10 +4544,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3914,10 +4575,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3944,10 +4606,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3974,10 +4637,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4004,10 +4668,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4037,10 +4702,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4067,10 +4733,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4097,10 +4764,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4127,10 +4795,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4157,10 +4826,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4187,10 +4857,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4217,10 +4888,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4247,10 +4919,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4277,10 +4950,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4307,10 +4981,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4337,10 +5012,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4367,10 +5043,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4397,10 +5074,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4427,10 +5105,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4457,10 +5136,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4487,10 +5167,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4517,10 +5198,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4547,10 +5229,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4577,10 +5260,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4607,10 +5291,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4629,7 +5314,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Gradle - product: Gradle + product: All cves: cve-2021-4104: investigated: false @@ -4637,10 +5322,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4656,7 +5342,7 @@ software: notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise cves: @@ -4667,9 +5353,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 2021.3.6 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -4686,7 +5372,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise Build Cache Node cves: @@ -4697,9 +5383,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 10.1 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -4716,7 +5402,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise Test Distribution Agent cves: @@ -4727,9 +5413,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 1.6.2 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -4746,9 +5432,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4756,10 +5442,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4775,9 +5462,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4804,7 +5491,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Access Management cves: @@ -4834,7 +5521,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Access Management cves: @@ -4864,9 +5551,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee - product: API Management + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -4878,7 +5565,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - 1.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -4894,9 +5581,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee - product: API Management + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -4908,7 +5595,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -4924,9 +5611,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee - product: Alert Engine + product: API Management cves: cve-2021-4104: investigated: false @@ -4938,7 +5625,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.5.x + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -4954,9 +5641,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee - product: Alert Engine + product: API Management cves: cve-2021-4104: investigated: false @@ -4968,7 +5655,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -4984,7 +5671,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Cockpit cves: @@ -5014,9 +5701,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee.io - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravwell + product: All cves: cve-2021-4104: investigated: false @@ -5024,10 +5711,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5039,13 +5727,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: Gravwell products do not use Java. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravwell - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Graylog + product: All cves: cve-2021-4104: investigated: false @@ -5053,9 +5741,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.3.15 + - 4.0.14 + - 4.1.9 + - 4.2.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5068,11 +5760,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products - notes: '' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: The vulnerable Log4j library is used to record GrayLogs own log information. + Vulnerability is not triggered when GrayLog stores exploitation vector from + an outer system. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Graylog product: Graylog Server cves: @@ -5083,9 +5777,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - All versions >= 1.2.0 and <= 4.2.2 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5102,9 +5796,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5112,10 +5806,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5131,7 +5826,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GSA product: Cloud.gov cves: @@ -5161,8 +5856,38 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: GuardedBox + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.1.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/GuardedBox/status/1469739834117799939 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Guidewire - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5189,5 +5914,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_H.yml b/data/cisagov_H.yml index ec3baf7..b9d31cf 100644 --- a/data/cisagov_H.yml +++ b/data/cisagov_H.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HarmanPro AMX product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Boundary cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Consul cves: @@ -119,7 +119,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Consul Enterprise cves: @@ -148,7 +148,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Nomad cves: @@ -177,7 +177,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Nomad Enterprise cves: @@ -206,7 +206,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Packer cves: @@ -235,7 +235,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Terraform cves: @@ -264,7 +264,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Terraform Enterprise cves: @@ -293,7 +293,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vagrant cves: @@ -322,7 +322,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vault cves: @@ -351,7 +351,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vault Enterprise cves: @@ -380,7 +380,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Waypoint cves: @@ -409,7 +409,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HCL Software product: BigFix Compliance cves: @@ -648,7 +648,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HENIX product: Squash TM cves: @@ -661,9 +661,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - 1.21.7 - 1.22.9 - - 2.0.3 - 2.1.5 - - 2.2.0 - 3.0.2 + - 1.21.7-1.22.9 + - 2.0.3-2.1.5 + - 2.2.0-3.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -709,7 +709,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hikvision product: '' cves: @@ -738,7 +738,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hitachi Energy product: 3rd party - Elastic Search, Kibana cves: @@ -770,6 +770,40 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: 3rd party - Oracle Database Components + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.1' + - '12.2' + - 19c + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: As this is a third-party component, a separate patch management report + will be provided to customers with the steps to apply the Oracle provided patches + for these components. + references: + - '' + last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy product: Axis cves: @@ -891,7 +925,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hitachi Energy product: FOXMAN-UN cves: @@ -960,7 +994,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy - product: Lumada APM SaaS offering + product: Lumada APM On-premises cves: cve-2021-4104: investigated: false @@ -984,13 +1018,12 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. The SaaS offering has been patched - per the recommendations. + notes: See vendor advisory for instructions for various versions. references: - '' last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy - product: Lumada APM On-premises + product: Lumada APM SaaS offering cves: cve-2021-4104: investigated: false @@ -1014,7 +1047,8 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions for various versions. + notes: No action is required by customers. The SaaS offering has been patched + per the recommendations. references: - '' last_updated: '2022-01-05T00:00:00' @@ -1079,38 +1113,6 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Network Manager Outage Management Interface (CMI) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - 9.0 - 9.10.44 - - 9.1.1 - - 10.3.4 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions on mitigation steps. - references: - - '' - last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy product: Network Manager ADMS Network Model Server cves: @@ -1123,7 +1125,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 9.1.0.32 - 9.1.0.44 + - 9.1.0.32-9.1.0.44 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1142,7 +1144,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy - product: 3rd party - Oracle Database Components + product: Network Manager Outage Management Interface (CMI) cves: cve-2021-4104: investigated: false @@ -1153,9 +1155,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - '12.1' - - '12.2' - - 19c + - 9.0-9.10.44 + - 9.1.1 + - 10.3.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1169,9 +1171,7 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: As this is a third-party component, a separate patch management report - will be provided to customers with the steps to apply the Oracle provided patches - for these components. + notes: See vendor advisory for instructions on mitigation steps. references: - '' last_updated: '2022-01-05T00:00:00' @@ -1332,9 +1332,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HMS Industrial Networks AB - product: Talk2M including M2Web + product: Cosy, Flexy and Ewon CD cves: cve-2021-4104: investigated: false @@ -1363,7 +1363,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: HMS Industrial Networks AB - product: Cosy, Flexy and Ewon CD + product: eCatcher Mobile applications cves: cve-2021-4104: investigated: false @@ -1421,7 +1421,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: HMS Industrial Networks AB - product: eCatcher Mobile applications + product: Netbiter Hardware including EC, WS, and LC cves: cve-2021-4104: investigated: false @@ -1450,7 +1450,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: HMS Industrial Networks AB - product: Netbiter Hardware including EC, WS, and LC + product: Talk2M including M2Web cves: cve-2021-4104: investigated: false @@ -1478,8 +1478,8 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' - - vendor: Honeywell - product: '' + - vendor: HOLOGIC + product: Advanced Workflow Manager (AWM) cves: cve-2021-4104: investigated: false @@ -1502,13 +1502,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability - notes: '' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HP - product: Teradici Cloud Access Controller + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Affirm Prone Biopsy System cves: cve-2021-4104: investigated: false @@ -1516,10 +1518,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < v113 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1532,13 +1533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici EMSDK + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Brevera Breast Biopsy System cves: cve-2021-4104: investigated: false @@ -1546,10 +1547,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 1.0.6 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1562,13 +1562,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici Management Console + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Cenova Image Analytics Server cves: cve-2021-4104: investigated: false @@ -1576,10 +1576,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 21.10.3 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1592,13 +1591,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP Connection Manager + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Dimensions / 3Dimensions Mammography System cves: cve-2021-4104: investigated: false @@ -1606,11 +1605,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 21.03.6 - - < 20.07.4 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1623,13 +1620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP License Server + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Discovery Bone Densitometer cves: cve-2021-4104: investigated: false @@ -1652,13 +1649,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HPE - product: 3PAR StoreServ Arrays + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron CT Specimen Radiography System cves: cve-2021-4104: investigated: false @@ -1681,13 +1678,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, there is + a utility program installed that may utilize Java and Log4J. This utility program + does not run on startup and is not required for system operation. Please contact + Hologic Service for assistance in removing this program. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: AirWave Management Platform + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron Specimen Radiography Systems cves: cve-2021-4104: investigated: false @@ -1710,13 +1710,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 6000 + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Fluoroscan Insight Mini C-Arm cves: cve-2021-4104: investigated: false @@ -1739,13 +1739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 9k + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Horizon DXA Bone Densitometer cves: cve-2021-4104: investigated: false @@ -1768,13 +1768,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Central + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Rosetta DC Tomosynthesis Data Converter cves: cve-2021-4104: investigated: false @@ -1797,13 +1797,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurView DX Workstation cves: cve-2021-4104: investigated: false @@ -1826,13 +1826,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurXChange Router cves: cve-2021-4104: investigated: false @@ -1855,13 +1855,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Instant (IAP) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) cves: cve-2021-4104: investigated: false @@ -1884,13 +1884,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Location Services + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Trident HD Specimen Radiography System cves: cve-2021-4104: investigated: false @@ -1913,13 +1913,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba NetEdit + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Unifi Workspace cves: cve-2021-4104: investigated: false @@ -1942,13 +1942,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba PVOS Switches + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Windows Selenia Mammography System cves: cve-2021-4104: investigated: false @@ -1971,13 +1973,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba SDN VAN Controller + last_updated: '2021-12-20T00:00:00' + - vendor: Honeywell + product: '' cves: cve-2021-4104: investigated: false @@ -2000,13 +2002,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba User Experience Insight (UXI) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HP + product: Teradici Cloud Access Controller cves: cve-2021-4104: investigated: false @@ -2014,9 +2016,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < v113 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2029,13 +2032,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba VIA Client + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici EMSDK cves: cve-2021-4104: investigated: false @@ -2043,9 +2046,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2058,13 +2062,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-CX switches + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici Management Console cves: cve-2021-4104: investigated: false @@ -2072,10 +2076,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 21.10.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP Connection Manager + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 21.03.6 + - < 20.07.4 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2086,14 +2122,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-S switches + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP License Server cves: cve-2021-4104: investigated: false @@ -2116,13 +2152,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-17T00:00:00' - vendor: HPE - product: ArubaOS SD-WAN Controllers and Gateways + product: 3PAR StoreServ Arrays cves: cve-2021-4104: investigated: false @@ -2151,7 +2187,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: ArubaOS Wi-Fi Controllers and Gateways + product: AirWave Management Platform cves: cve-2021-4104: investigated: false @@ -2180,7 +2216,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: BladeSystem Onboard Administrator + product: Alletra 6000 cves: cve-2021-4104: investigated: false @@ -2209,7 +2245,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy + product: Alletra 9k cves: cve-2021-4104: investigated: false @@ -2238,7 +2274,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class + product: Aruba Central cves: cve-2021-4104: investigated: false @@ -2267,7 +2303,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -2296,7 +2332,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade Network Advisor + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -2325,7 +2361,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: CloudAuth + product: Aruba Instant (IAP) cves: cve-2021-4104: investigated: false @@ -2354,7 +2390,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: CloudPhysics + product: Aruba Location Services cves: cve-2021-4104: investigated: false @@ -2383,7 +2419,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Compute Cloud Console + product: Aruba NetEdit cves: cve-2021-4104: investigated: false @@ -2412,7 +2448,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Compute operations manager- FW UPDATE SERVICE + product: Aruba PVOS Switches cves: cve-2021-4104: investigated: false @@ -2441,7 +2477,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: COS (Cray Operating System) + product: Aruba SDN VAN Controller cves: cve-2021-4104: investigated: false @@ -2470,7 +2506,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Cray Systems Management (CSM) + product: Aruba User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -2499,7 +2535,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Custom SPP Portal [Link](https://spp.hpe.com/custom) + product: Aruba VIA Client cves: cve-2021-4104: investigated: false @@ -2528,7 +2564,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Data Services Cloud Console + product: ArubaOS SD-WAN Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -2557,7 +2593,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Harmony Data Platform + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -2586,7 +2622,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HOP public services (grafana, vault, rancher, Jenkins) + product: ArubaOS-CX switches cves: cve-2021-4104: investigated: false @@ -2615,7 +2651,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN2600B SAN Extension Switch + product: ArubaOS-S switches cves: cve-2021-4104: investigated: false @@ -2644,7 +2680,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN4000B SAN Extension Switch + product: BladeSystem Onboard Administrator cves: cve-2021-4104: investigated: false @@ -2673,7 +2709,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6000B Fibre Channel Switch + product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -2702,7 +2738,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6500B Fibre Channel Switch + product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class cves: cve-2021-4104: investigated: false @@ -2731,7 +2767,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6600B Fibre Channel Switch + product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -2760,7 +2796,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6650B Fibre Channel Switch + product: Brocade Network Advisor cves: cve-2021-4104: investigated: false @@ -2789,7 +2825,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6700B Fibre Channel Switch + product: CloudAuth cves: cve-2021-4104: investigated: false @@ -2818,7 +2854,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Customer Experience Assurance (CEA) + product: CloudPhysics cves: cve-2021-4104: investigated: false @@ -2845,9 +2881,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager + product: Compute Cloud Console cves: cve-2021-4104: investigated: false @@ -2876,7 +2912,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Home Location Register (HLR/I-HLR) + product: Compute operations manager- FW UPDATE SERVICE cves: cve-2021-4104: investigated: false @@ -2903,9 +2939,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Infosight for Servers + product: COS (Cray Operating System) cves: cve-2021-4104: investigated: false @@ -2934,7 +2970,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Integrated Home Subscriber Server (I-HSS) + product: Cray Systems Management (CSM) cves: cve-2021-4104: investigated: false @@ -2961,9 +2997,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Intelligent Messaging (IM) + product: Custom SPP Portal [Link](https://spp.hpe.com/custom) cves: cve-2021-4104: investigated: false @@ -2990,9 +3026,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Intelligent Network Server (INS) + product: Data Services Cloud Console cves: cve-2021-4104: investigated: false @@ -3019,9 +3055,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Multimedia Services Environment (MSE) + product: Harmony Data Platform cves: cve-2021-4104: investigated: false @@ -3048,9 +3084,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Convergent Communications Platform (OCCP) + product: HOP public services (grafana, vault, rancher, Jenkins) cves: cve-2021-4104: investigated: false @@ -3077,9 +3113,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Media Platform Media Resource Function (OCMP-MRF) + product: HPE B-series SN2600B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -3106,9 +3142,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Service Access Controller (OC SAC) + product: HPE B-series SN4000B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -3135,9 +3171,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Service Controller (OCSC) + product: HPE B-series SN6000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3164,9 +3200,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Universal Signaling Platform (OC-USP-M) + product: HPE B-series SN6500B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3193,9 +3229,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OneView + product: HPE B-series SN6600B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3224,7 +3260,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OneView for VMware vRealize Operations (vROps) + product: HPE B-series SN6650B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3253,7 +3289,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OneView Global Dashboard + product: HPE B-series SN6700B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3282,7 +3318,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Performance Cluster Manager (HPCM) + product: HPE Customer Experience Assurance (CEA) cves: cve-2021-4104: investigated: false @@ -3311,7 +3347,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Performance Manager (PM) + product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -3338,9 +3374,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Position Determination Entity (PDE) + product: HPE Home Location Register (HLR/I-HLR) cves: cve-2021-4104: investigated: false @@ -3369,7 +3405,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Secure Identity Broker (SIB) + product: HPE Infosight for Servers cves: cve-2021-4104: investigated: false @@ -3396,9 +3432,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Service Activator (SA) + product: HPE Integrated Home Subscriber Server (I-HSS) cves: cve-2021-4104: investigated: false @@ -3427,7 +3463,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Service Governance Framework (SGF) + product: HPE Intelligent Messaging (IM) cves: cve-2021-4104: investigated: false @@ -3456,7 +3492,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Service Orchestration Manager (SOM) + product: HPE Intelligent Network Server (INS) cves: cve-2021-4104: investigated: false @@ -3485,7 +3521,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Service Provisioner (SP) + product: HPE Multimedia Services Environment (MSE) cves: cve-2021-4104: investigated: false @@ -3514,7 +3550,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Short Message Point-to-Point Gateway (SMPP) + product: HPE OC Convergent Communications Platform (OCCP) cves: cve-2021-4104: investigated: false @@ -3543,7 +3579,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Slingshot + product: HPE OC Media Platform Media Resource Function (OCMP-MRF) cves: cve-2021-4104: investigated: false @@ -3570,9 +3606,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Smart Interaction Server (SIS) + product: HPE OC Service Access Controller (OC SAC) cves: cve-2021-4104: investigated: false @@ -3601,7 +3637,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN3000B Fibre Channel Switch + product: HPE OC Service Controller (OCSC) cves: cve-2021-4104: investigated: false @@ -3628,9 +3664,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN8000B 4-Slot SAN Director Switch + product: HPE OC Universal Signaling Platform (OC-USP-M) cves: cve-2021-4104: investigated: false @@ -3657,9 +3693,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN8000B 8-Slot SAN Backbone Director Switch + product: HPE OneView cves: cve-2021-4104: investigated: false @@ -3688,7 +3724,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE SN8600B 4-Slot SAN Director Switch + product: HPE OneView for VMware vRealize Operations (vROps) cves: cve-2021-4104: investigated: false @@ -3717,7 +3753,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE SN8600B 8-Slot SAN Director Switch + product: HPE OneView Global Dashboard cves: cve-2021-4104: investigated: false @@ -3746,7 +3782,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE SN8700B 4-Slot Director Switch + product: HPE Performance Cluster Manager (HPCM) cves: cve-2021-4104: investigated: false @@ -3773,9 +3809,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN8700B 8-Slot Director Switch + product: HPE Performance Manager (PM) cves: cve-2021-4104: investigated: false @@ -3802,9 +3838,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Subscriber, Network, and Application Policy (SNAP) + product: HPE Position Determination Entity (PDE) cves: cve-2021-4104: investigated: false @@ -3833,7 +3869,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Subscription Manager (SM) + product: HPE Secure Identity Broker (SIB) cves: cve-2021-4104: investigated: false @@ -3862,7 +3898,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Synergy Image Streamer + product: HPE Service Activator (SA) cves: cve-2021-4104: investigated: false @@ -3889,9 +3925,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Systems Insight Manager (SIM) + product: HPE Service Governance Framework (SGF) cves: cve-2021-4104: investigated: false @@ -3918,9 +3954,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Telecom Application Server (TAS) + product: HPE Service Orchestration Manager (SOM) cves: cve-2021-4104: investigated: false @@ -3949,7 +3985,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified Correlation and Automation (UCA) + product: HPE Service Provisioner (SP) cves: cve-2021-4104: investigated: false @@ -3978,7 +4014,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified Mediation Bus (UMB) + product: HPE Short Message Point-to-Point Gateway (SMPP) cves: cve-2021-4104: investigated: false @@ -4007,7 +4043,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified OSS Console (UOC) + product: HPE Slingshot cves: cve-2021-4104: investigated: false @@ -4034,9 +4070,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Unified Topology Manager (UTM) + product: HPE Smart Interaction Server (SIS) cves: cve-2021-4104: investigated: false @@ -4065,7 +4101,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Universal Identity Repository (VIR) + product: HPE SN3000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -4092,9 +4128,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Universal SLA Manager (uSLAM) + product: HPE SN8000B 4-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -4121,9 +4157,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Connect + product: HPE SN8000B 8-Slot SAN Backbone Director Switch cves: cve-2021-4104: investigated: false @@ -4152,7 +4188,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Connect Enterprise Manager (VCEM) + product: HPE SN8600B 4-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -4181,7 +4217,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Provisioning Gateway (vPGW) + product: HPE SN8600B 8-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -4208,9 +4244,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Server Environment (VSE) + product: HPE SN8700B 4-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -4239,7 +4275,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Subscriber Data Management (vSDM) + product: HPE SN8700B 8-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -4266,9 +4302,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE WebRTC Gateway Controller (WGW) + product: HPE Subscriber, Network, and Application Policy (SNAP) cves: cve-2021-4104: investigated: false @@ -4297,7 +4333,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Wi-Fi Authentication Gateway (WauG) + product: HPE Subscription Manager (SM) cves: cve-2021-4104: investigated: false @@ -4324,9 +4360,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Insight Cluster Management Utility (CMU) + product: HPE Synergy Image Streamer cves: cve-2021-4104: investigated: false @@ -4355,7 +4391,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrated Lights-Out (iLO) Amplifier Pack + product: HPE Systems Insight Manager (SIM) cves: cve-2021-4104: investigated: false @@ -4384,7 +4420,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrated Lights-Out 4 (iLO 4) + product: HPE Telecom Application Server (TAS) cves: cve-2021-4104: investigated: false @@ -4392,11 +4428,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '4' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4412,9 +4447,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrated Lights-Out 5 (iLO 5) + product: HPE Unified Correlation and Automation (UCA) cves: cve-2021-4104: investigated: false @@ -4422,11 +4457,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '5' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4442,9 +4476,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity BL860c, BL870c, BL890c + product: HPE Unified Mediation Bus (UMB) cves: cve-2021-4104: investigated: false @@ -4471,9 +4505,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity Rx2800/Rx2900 + product: HPE Unified OSS Console (UOC) cves: cve-2021-4104: investigated: false @@ -4500,9 +4534,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity Superdome 2 + product: HPE Unified Topology Manager (UTM) cves: cve-2021-4104: investigated: false @@ -4529,9 +4563,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity Superdome X + product: HPE Universal Identity Repository (VIR) cves: cve-2021-4104: investigated: false @@ -4558,9 +4592,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Intelligent Provisioning + product: HPE Universal SLA Manager (uSLAM) cves: cve-2021-4104: investigated: false @@ -4587,9 +4621,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: iSUT integrated smart update tool + product: HPE Virtual Connect cves: cve-2021-4104: investigated: false @@ -4618,7 +4652,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Maven Artifacts (Atlas) + product: HPE Virtual Connect Enterprise Manager (VCEM) cves: cve-2021-4104: investigated: false @@ -4647,7 +4681,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: MSA + product: HPE Virtual Provisioning Gateway (vPGW) cves: cve-2021-4104: investigated: false @@ -4674,9 +4708,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: NetEdit + product: HPE Virtual Server Environment (VSE) cves: cve-2021-4104: investigated: false @@ -4705,7 +4739,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Nimble Storage + product: HPE Virtual Subscriber Data Management (vSDM) cves: cve-2021-4104: investigated: false @@ -4732,9 +4766,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: NS-T0634-OSM CONSOLE TOOLS + product: HPE WebRTC Gateway Controller (WGW) cves: cve-2021-4104: investigated: false @@ -4761,9 +4795,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: NS-T0977-SCHEMA VALIDATOR + product: HPE Wi-Fi Authentication Gateway (WauG) cves: cve-2021-4104: investigated: false @@ -4792,7 +4826,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: OfficeConnect + product: Insight Cluster Management Utility (CMU) cves: cve-2021-4104: investigated: false @@ -4821,7 +4855,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Primera Storage + product: Integrated Lights-Out (iLO) Amplifier Pack cves: cve-2021-4104: investigated: false @@ -4850,7 +4884,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: RepoServer part of OPA (on Premises aggregator) + product: Integrated Lights-Out 4 (iLO 4) cves: cve-2021-4104: investigated: false @@ -4858,10 +4892,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '4' cve-2021-45046: investigated: false affected_versions: [] @@ -4879,7 +4914,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Resource Aggregator for Open Distributed Infrastructure Management + product: Integrated Lights-Out 5 (iLO 5) cves: cve-2021-4104: investigated: false @@ -4887,10 +4922,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '5' cve-2021-45046: investigated: false affected_versions: [] @@ -4908,7 +4944,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: RESTful Interface Tool (iLOREST) + product: Integrity BL860c, BL870c, BL890c cves: cve-2021-4104: investigated: false @@ -4937,7 +4973,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SAT (System Admin Toolkit) + product: Integrity Rx2800/Rx2900 cves: cve-2021-4104: investigated: false @@ -4966,7 +5002,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) + product: Integrity Superdome 2 cves: cve-2021-4104: investigated: false @@ -4995,7 +5031,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI MC990 X Server + product: Integrity Superdome X cves: cve-2021-4104: investigated: false @@ -5024,7 +5060,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 2000 Server + product: Intelligent Provisioning cves: cve-2021-4104: investigated: false @@ -5053,7 +5089,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 300, 300H, 300RL, 30EX + product: iSUT integrated smart update tool cves: cve-2021-4104: investigated: false @@ -5082,7 +5118,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 3000 Server + product: Maven Artifacts (Atlas) cves: cve-2021-4104: investigated: false @@ -5111,7 +5147,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SN8700B 8-Slot Director Switch + product: MSA cves: cve-2021-4104: investigated: false @@ -5140,7 +5176,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEasy + product: NetEdit cves: cve-2021-4104: investigated: false @@ -5169,7 +5205,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver CVTL + product: Nimble Storage cves: cve-2021-4104: investigated: false @@ -5198,7 +5234,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver LTO Tape Drives + product: NS-T0634-OSM CONSOLE TOOLS cves: cve-2021-4104: investigated: false @@ -5227,7 +5263,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver MSL Tape Libraries + product: NS-T0977-SCHEMA VALIDATOR cves: cve-2021-4104: investigated: false @@ -5256,7 +5292,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreOnce + product: OfficeConnect cves: cve-2021-4104: investigated: false @@ -5285,7 +5321,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SUM (Smart Update Manager) + product: Primera Storage cves: cve-2021-4104: investigated: false @@ -5314,7 +5350,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Superdome Flex 280 + product: RepoServer part of OPA (on Premises aggregator) cves: cve-2021-4104: investigated: false @@ -5343,7 +5379,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Superdome Flex Server + product: Resource Aggregator for Open Distributed Infrastructure Management cves: cve-2021-4104: investigated: false @@ -5351,7 +5387,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -5372,7 +5408,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: UAN (User Access Node) + product: RESTful Interface Tool (iLOREST) cves: cve-2021-4104: investigated: false @@ -5400,8 +5436,8 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' - - vendor: HOLOGIC - product: Advanced Workflow Manager (AWM) + - vendor: HPE + product: SAT (System Admin Toolkit) cves: cve-2021-4104: investigated: false @@ -5424,15 +5460,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Unifi Workspace + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) cves: cve-2021-4104: investigated: false @@ -5455,15 +5489,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron CT Specimen Radiography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI MC990 X Server cves: cve-2021-4104: investigated: false @@ -5486,16 +5518,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, there is - a utility program installed that may utilize Java and Log4J. This utility program - does not run on startup and is not required for system operation. Please contact - Hologic Service for assistance in removing this program. + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Dimensions / 3Dimensions Mammography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 2000 Server cves: cve-2021-4104: investigated: false @@ -5518,13 +5547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Affirm Prone Biopsy System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 300, 300H, 300RL, 30EX cves: cve-2021-4104: investigated: false @@ -5547,13 +5576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Brevera Breast Biopsy System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 3000 Server cves: cve-2021-4104: investigated: false @@ -5576,13 +5605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Trident HD Specimen Radiography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SN8700B 8-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -5605,13 +5634,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurView DX Workstation + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEasy cves: cve-2021-4104: investigated: false @@ -5634,13 +5663,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Cenova Image Analytics Server + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver CVTL cves: cve-2021-4104: investigated: false @@ -5663,13 +5692,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurXChange Router + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver LTO Tape Drives cves: cve-2021-4104: investigated: false @@ -5692,13 +5721,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Rosetta DC Tomosynthesis Data Converter + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver MSL Tape Libraries cves: cve-2021-4104: investigated: false @@ -5721,13 +5750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron Specimen Radiography Systems + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreOnce cves: cve-2021-4104: investigated: false @@ -5750,13 +5779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Horizon DXA Bone Densitometer + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SUM (Smart Update Manager) cves: cve-2021-4104: investigated: false @@ -5779,13 +5808,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Discovery Bone Densitometer + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex 280 cves: cve-2021-4104: investigated: false @@ -5808,13 +5837,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Fluoroscan Insight Mini C-Arm + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex Server cves: cve-2021-4104: investigated: false @@ -5837,13 +5866,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: UAN (User Access Node) cves: cve-2021-4104: investigated: false @@ -5866,13 +5895,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Windows Selenia Mammography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE/Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -5880,9 +5909,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '9.09' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5895,11 +5925,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://portal.microfocus.com/s/article/KM000003243 notes: '' references: - - '' - last_updated: '2021-12-20T00:00:00' + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-17T00:00:00' - vendor: Huawei product: '' cves: @@ -5928,7 +5958,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hubspot product: '' cves: @@ -5957,5 +5987,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_I.yml b/data/cisagov_I.yml index 348159f..557f031 100644 --- a/data/cisagov_I.yml +++ b/data/cisagov_I.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: I2P product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBA-AG product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ibexa product: '' cves: @@ -119,9 +119,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM - product: BigFix Compliance + product: Analytics Engine cves: cve-2021-4104: investigated: false @@ -143,13 +143,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: BigFix Inventory + product: App Configuration cves: cve-2021-4104: investigated: false @@ -157,9 +158,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - VM Manager Tool & SAP Tool + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -172,15 +172,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: To verify if your instance is affected, go to the lib subdirectory of the - tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version - of log4j is included. Version is included in the name of the library. + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Analytics Engine + product: App Connect cves: cve-2021-4104: investigated: false @@ -209,7 +208,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App Configuration + product: App ID cves: cve-2021-4104: investigated: false @@ -238,7 +237,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App Connect + product: Application Gateway cves: cve-2021-4104: investigated: false @@ -267,7 +266,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App ID + product: Aspera cves: cve-2021-4104: investigated: false @@ -296,7 +295,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Application Gateway + product: Aspera Endpoint cves: cve-2021-4104: investigated: false @@ -325,7 +324,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera Endpoint + product: Aspera Enterprise cves: cve-2021-4104: investigated: false @@ -354,7 +353,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera Enterprise + product: Aspera fasp.io cves: cve-2021-4104: investigated: false @@ -383,7 +382,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera fasp.io + product: Bare Metal Servers cves: cve-2021-4104: investigated: false @@ -412,7 +411,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera + product: BigFix Compliance cves: cve-2021-4104: investigated: false @@ -434,14 +433,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM - product: Bare Metal Servers + product: BigFix Inventory cves: cve-2021-4104: investigated: false @@ -449,8 +447,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - VM Manager Tool & SAP Tool fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -463,12 +462,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: To verify if your instance is affected, go to the lib subdirectory of the + tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version + of log4j is included. Version is included in the name of the library. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Block Storage cves: @@ -3198,7 +3198,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Mass Data Migration cves: @@ -3808,7 +3808,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Robotic Process Automation cves: @@ -4010,7 +4010,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Spectrum Archive Library Edition cves: @@ -5663,7 +5663,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IGEL product: '' cves: @@ -5692,7 +5692,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ignite Realtime product: '' cves: @@ -5721,7 +5721,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: iGrafx product: '' cves: @@ -5750,7 +5750,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Illuminated Cloud product: '' cves: @@ -5779,7 +5779,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Illumio product: C-VEN cves: @@ -6185,7 +6185,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Imperva product: '' cves: @@ -6214,9 +6214,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Inductive Automation - product: '' + product: Ignition cves: cve-2021-4104: investigated: false @@ -6224,10 +6224,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6240,10 +6241,11 @@ software: unaffected_versions: [] vendor_links: - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day - notes: '' + notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but + they used an older version (1.2) that was not affected by this vulnerability. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-19T00:00:00' - vendor: IndustrialDefender product: '' cves: @@ -6272,7 +6274,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: infinidat product: '' cves: @@ -6301,7 +6303,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: InfluxData product: '' cves: @@ -6330,7 +6332,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Infoblox product: '' cves: @@ -6359,7 +6361,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Informatica product: '' cves: @@ -6388,7 +6390,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Instana product: '' cves: @@ -6417,7 +6419,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Instructure product: '' cves: @@ -6446,7 +6448,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Intel product: Audio Development Kit cves: @@ -6477,7 +6479,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Datacenter Manager + product: Computer Vision Annotation Tool maintained by Intel cves: cve-2021-4104: investigated: false @@ -6506,7 +6508,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: oneAPI sample browser plugin for Eclipse + product: Datacenter Manager cves: cve-2021-4104: investigated: false @@ -6535,7 +6537,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: System Debugger + product: Genomics Kernel Library cves: cve-2021-4104: investigated: false @@ -6564,7 +6566,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Secure Device Onboard + product: oneAPI sample browser plugin for Eclipse cves: cve-2021-4104: investigated: false @@ -6593,7 +6595,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Genomics Kernel Library + product: Secure Device Onboard cves: cve-2021-4104: investigated: false @@ -6622,7 +6624,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: System Studio + product: Sensor Solution Firmware Development Kit cves: cve-2021-4104: investigated: false @@ -6651,7 +6653,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Computer Vision Annotation Tool maintained by Intel + product: System Debugger cves: cve-2021-4104: investigated: false @@ -6680,7 +6682,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Sensor Solution Firmware Development Kit + product: System Studio cves: cve-2021-4104: investigated: false @@ -6709,7 +6711,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Internet Systems Consortium(ISC) - product: ISC DHCP, aka dhcpd + product: BIND 9 cves: cve-2021-4104: investigated: false @@ -6739,7 +6741,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Internet Systems Consortium(ISC) - product: Kea DHCP + product: ISC DHCP, aka dhcpd cves: cve-2021-4104: investigated: false @@ -6769,7 +6771,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Internet Systems Consortium(ISC) - product: BIND 9 + product: Kea DHCP cves: cve-2021-4104: investigated: false @@ -6826,7 +6828,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Intland product: codebeamer cves: @@ -6858,7 +6860,7 @@ software: and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IPRO product: Netgovern cves: @@ -6886,7 +6888,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: iRedMail product: '' cves: @@ -6915,7 +6917,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ironnet product: '' cves: @@ -6944,7 +6946,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ISLONLINE product: '' cves: @@ -6973,22 +6975,21 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ivanti - product: Avalanche + product: Application Control for Linux cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '6.2.2' - - '6.3.0 to 6.3.3' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7006,26 +7007,49 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti File Director + product: Application Control for Windows cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '2019.1.*' - - '2020.1.*' - - '2020.3.*' - - '2021.1.*' - - '4.4.*' - fixed_versions: - - '2021.3 HF2' - - '2021.1 HF1' - - '2020.3 HF2' + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Automation + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7043,17 +7067,18 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Core + product: Avalanche cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - - 'All' + - 6.2.2 + - 6.3.0 to 6.3.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7068,25 +7093,54 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core. + notes: '' references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Sentry (Core/Cloud) + product: Avalanche Remote Control cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '9.13' - - '9.14' + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: CETerm (Naurtech) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7099,24 +7153,54 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Sentry. + notes: '' references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Core Connector + product: Cherwell Asset Management (CAM) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 'All' + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Cherwell Service Management (CSM) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7129,7 +7213,1938 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Connect Pro + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ConnectPro (Termproxy) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Credential mgr (PivD Manager) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Discovery Classic + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: DSM + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Environment Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: GoldMine + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: HEAT Classic + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: IIRIS (Neurons for IIOT) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Incapptic Connect + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Insight + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ITSM 6/7 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Asset Lifecycle Management + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Device Application Control + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Endpoint Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Endpoint Security + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Environment Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti EPM - Cloud Service Appliance + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti File Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2019.1.* + - 2020.1.* + - 2020.3.* + - 2021.1.* + - 4.4.* + fixed_versions: + - 2021.3 HF2 + - 2021.1 HF1 + - 2020.3 HF2 + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Identity Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti License Optimizer (ILO) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Management Center + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Neurons Platform + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Performance Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Security Controls (Patch ISec) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory + Page + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Desk + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: Not Affected. Java is no longer required since version 2018.3U3 Customers + on older versions can uninstall JRE on their ISD Servers for mitigation. This + will disable indexing of Attachments and Documents for full-text search. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Manager for Neurons (Cloud) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Voice + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Workspace Control + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Appconnect + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Email+ + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Go Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI MobileAtWork + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Security Productivity Apps + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Mi Tunnel App + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Access ZSO + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: Mitigated. No Impact + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron BYOD Portal + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Cloud + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Cloud Connector + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core Connector + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Sentry (Core/Cloud) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '9.13' + - '9.14' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Sentry. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Patch MEM (Microsoft Endpoint Manager) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Patch OEM APIs + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Performance Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Connect Secure + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Desktop Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Mobile Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse One + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Policy Secure + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Services Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Virtual Traffic Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Web Application Firewall + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse ZTA + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Risksense Threat and Vulnerability Management + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: SpeakEasy (add-on to Velocity) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: SpeakEasy (WinCE) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Terminal Emulation and Industrial Browser + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Velocity + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: VelocityCE + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Virtual Desktop Extender + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Wavelink License Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Xtraction + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' references: - '' last_updated: '2022-01-18T00:00:00' diff --git a/data/cisagov_J.yml b/data/cisagov_J.yml index 3ab71be..d50fefe 100644 --- a/data/cisagov_J.yml +++ b/data/cisagov_J.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: Jamasoftware - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -32,9 +32,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jamf - product: Jamf Pro + product: Jamf Cloud cves: cve-2021-4104: investigated: false @@ -43,9 +43,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 10.31.0 – 10.34.0 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -62,9 +62,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Janitza - product: GridVis + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Connect cves: cve-2021-4104: investigated: false @@ -76,7 +76,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.82 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -88,13 +88,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.janitza.com/us/gridvis-download.html + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Jaspersoft - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Data Policy cves: cve-2021-4104: investigated: false @@ -102,10 +102,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -117,13 +118,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jedox - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Health Care Listener cves: cve-2021-4104: investigated: false @@ -131,10 +132,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -146,13 +148,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jedox.com/en/trust/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jenkins - product: CI/CD Core + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Infrastructure Manager cves: cve-2021-4104: investigated: false @@ -160,10 +162,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Now + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -174,13 +207,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jenkins - product: Plugins + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Private Access cves: cve-2021-4104: investigated: false @@ -188,10 +222,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Pro (On-Prem) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 10.34.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -203,15 +268,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ - notes: '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: JetBrains - product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, - IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, - Rider, RubyMine, WebStorm) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Protect cves: cve-2021-4104: investigated: false @@ -223,7 +286,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -235,14 +298,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, - dotCover, dotPeek) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf School cves: cve-2021-4104: investigated: false @@ -254,7 +316,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -266,13 +328,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: ToolBox + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Threat Defense cves: cve-2021-4104: investigated: false @@ -284,7 +346,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -296,13 +358,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: TeamCity + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Janitza + product: GridVis cves: cve-2021-4104: investigated: false @@ -314,7 +376,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - 8.0.82 cve-2021-45046: investigated: false affected_versions: [] @@ -326,13 +388,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://youtrack.jetbrains.com/issue/TW-74298 + - https://www.janitza.com/us/gridvis-download.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: Hub + last_updated: '2022-01-05T00:00:00' + - vendor: Jaspersoft + product: All cves: cve-2021-4104: investigated: false @@ -340,10 +402,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 2021.1.14080 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -356,13 +417,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ + - https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: YouTrack Standalone + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Java Melody + product: All cves: cve-2021-4104: investigated: false @@ -373,7 +434,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2021.4.35970 + - 1.90.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -386,13 +447,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ + - https://github.com/javamelody/javamelody/wiki/ReleaseNotes notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: YouTrack InCloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jedox + product: All cves: cve-2021-4104: investigated: false @@ -400,10 +461,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -416,13 +476,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.jedox.com/en/trust/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: Datalore + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: CI cves: cve-2021-4104: investigated: false @@ -434,7 +494,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -446,13 +506,73 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: CI/CD Core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: Plugins + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ + notes: '' + references: + - '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' + last_updated: '2021-12-16T00:00:00' - vendor: JetBrains - product: Space + product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, + dotCover, dotPeek) cves: cve-2021-4104: investigated: false @@ -464,7 +584,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -480,7 +600,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jetbrains product: Code With Me cves: @@ -493,7 +613,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -510,9 +630,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: Gateway + product: Datalore cves: cve-2021-4104: investigated: false @@ -524,7 +644,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -540,9 +660,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: Kotlin + product: Floating License Server cves: cve-2021-4104: investigated: false @@ -552,9 +672,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown + fixed_versions: + - '30241' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -570,9 +690,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: Ktor + product: Gateway cves: cve-2021-4104: investigated: false @@ -584,7 +704,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -600,9 +720,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: MPS + product: Hub cves: cve-2021-4104: investigated: false @@ -612,9 +732,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown + fixed_versions: + - 2021.1.14080 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -626,13 +746,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: Floating license server + product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, + IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, + Rider, RubyMine, WebStorm) cves: cve-2021-4104: investigated: false @@ -642,9 +764,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '30211' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -660,9 +782,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: UpSource + product: Kotlin cves: cve-2021-4104: investigated: false @@ -672,9 +794,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 2020.1.1952 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -690,9 +812,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JFROG - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Ktor cves: cve-2021-4104: investigated: false @@ -700,10 +822,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -715,13 +838,2234 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: MPS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Space + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: TeamCity + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://youtrack.jetbrains.com/issue/TW-74298 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: ToolBox + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: UpSource + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2020.1.1952 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: YouTrack InCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: YouTrack Standalone + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2021.4.35970 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JFrog + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JGraph + product: DrawIO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/jgraph/drawio/issues/2490 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitsi + product: jitsi-videobridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v2.1-595-g3637fda42 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitterbit + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Johnson Controls + product: Athena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: BCPro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CEM AC2000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CEM Hardware Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CK721-A (P2000) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CloudVue Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CloudVue Web + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Connect24 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Connected Equipment Gateway (CEG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE Web + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE-9000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 2.90.x + - 2.80.x + - 2.70.x + - 2.60.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: DataSource + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: DLS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Entrapass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: exacqVision Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: exacqVision Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: exacqVision WebService + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Facility Explorer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 14.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Illustra Cameras + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Illustra Insight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: iSTAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Kantech Entrapass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Metasys Products and Tools + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Active Responder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Bridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Chiller Utility Plant Optimizer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Connected Chiller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Enterprise Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Location Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Risk Insight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Twin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Workplace + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: P2000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries NEO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Qolsys IQ Panels + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: RFID Overhead360 Backend + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: S321-IP (P2000) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Analytics (STaN) - Traffic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Market Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Perimeter Apps + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Shopper Journey + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Video Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Sur‐Gard Receivers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: TrueVue Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Tyco AI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 5.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor/ C•CURE‐9000 Unified + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 and 3.91.x / victor 5.6.1 / C•CURE‐9000 + 2.90 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: VideoEdge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 5.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Xaap + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Journyx + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: jPOS + product: (ISO-8583) bridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jump Desktop + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Advanced Threat Prevention (JATP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: AppFormix + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Apstra System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Apstra System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Connectivity Services Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jitsi - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Networking cves: cve-2021-4104: investigated: false @@ -729,10 +3073,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -744,13 +3089,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jitterbit - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Service Orchestration cves: cve-2021-4104: investigated: false @@ -758,10 +3103,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -773,13 +3119,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: jPOS - product: (ISO-8583) bridge + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Cross Provisioning Platform cves: cve-2021-4104: investigated: false @@ -790,8 +3136,7 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -803,13 +3148,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: CTPOS and CTPView cves: cve-2021-4104: investigated: false @@ -821,7 +3166,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.90.x (all 2.90 versions) + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -833,13 +3178,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: ICEAAA Manager cves: cve-2021-4104: investigated: false @@ -851,7 +3196,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.80.x (all 2.80 versions) + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -863,13 +3208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: JATP Cloud cves: cve-2021-4104: investigated: false @@ -881,7 +3226,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.70 (All versions) + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -893,13 +3238,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Identity Management Services (JIMS) cves: cve-2021-4104: investigated: false @@ -910,8 +3255,7 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: - - 2.60 (All versions) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -923,13 +3267,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: victor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Mist Edge cves: cve-2021-4104: investigated: false @@ -941,7 +3285,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -953,13 +3297,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Sky Enterprise cves: cve-2021-4104: investigated: false @@ -971,7 +3315,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -983,13 +3327,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos OS cves: cve-2021-4104: investigated: false @@ -1001,7 +3345,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1013,13 +3357,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Metasys Products and Tools + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos OS Evolved cves: cve-2021-4104: investigated: false @@ -1031,7 +3375,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1043,13 +3387,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Facility Explorer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos Space Network Management Platform cves: cve-2021-4104: investigated: false @@ -1058,10 +3402,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - 14.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1073,13 +3417,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CEM AC2000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Marvis Virtual Network Assistant (VNA) cves: cve-2021-4104: investigated: false @@ -1091,7 +3435,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1103,13 +3447,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CEM Hardware Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Mist AI cves: cve-2021-4104: investigated: false @@ -1121,7 +3465,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1133,13 +3477,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Illustra Cameras + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Wi-Fi Assurance cves: cve-2021-4104: investigated: false @@ -1151,7 +3495,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1163,13 +3507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Illustra Insight + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Wired Assurance cves: cve-2021-4104: investigated: false @@ -1181,7 +3525,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1193,13 +3537,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Tyco AI + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Mist Access Points cves: cve-2021-4104: investigated: false @@ -1211,7 +3555,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - Any version on AP12, AP21, AP32, AP33, AP34, AP41, AP43, AP45, AP61, AP63 cve-2021-45046: investigated: false affected_versions: [] @@ -1223,13 +3567,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: DLS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Network Director cves: cve-2021-4104: investigated: false @@ -1241,7 +3585,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1253,13 +3597,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Entrapass + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Northstar Controller cves: cve-2021-4104: investigated: false @@ -1268,10 +3612,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1283,13 +3627,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CloudVue Web + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Northstar Planner cves: cve-2021-4104: investigated: false @@ -1300,8 +3644,7 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1313,13 +3656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CloudVue Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Insights cves: cve-2021-4104: investigated: false @@ -1328,10 +3671,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1343,13 +3686,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Qolsys IQ Panels + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Pathfinder cves: cve-2021-4104: investigated: false @@ -1358,10 +3701,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1373,13 +3716,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: PowerSeries NEO + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Planner cves: cve-2021-4104: investigated: false @@ -1388,10 +3731,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1403,13 +3746,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: PowerSeries Pro + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Policy Enforcer cves: cve-2021-4104: investigated: false @@ -1421,7 +3764,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1433,13 +3776,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Sur‐Gard Receivers + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Products using Wind River Linux in Junos OS and Junos OS Evolved cves: cve-2021-4104: investigated: false @@ -1451,7 +3794,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1463,13 +3806,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: VideoEdge + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: ScreenOS cves: cve-2021-4104: investigated: false @@ -1481,7 +3824,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1493,13 +3836,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: SecIntel cves: cve-2021-4104: investigated: false @@ -1511,7 +3854,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1523,13 +3866,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision Client + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Secure Analytics cves: cve-2021-4104: investigated: false @@ -1540,8 +3883,7 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1553,13 +3895,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision WebService + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Security Director cves: cve-2021-4104: investigated: false @@ -1571,7 +3913,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1583,13 +3925,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: BCPro + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Security Director Insights cves: cve-2021-4104: investigated: false @@ -1601,7 +3943,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1613,13 +3955,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: iSTAR + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Session Smart Router (Formerly 128T) cves: cve-2021-4104: investigated: false @@ -1631,7 +3973,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1643,13 +3985,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Journyx - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Space SDK cves: cve-2021-4104: investigated: false @@ -1657,10 +3999,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1672,13 +4015,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jump Desktop - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Standalone Log Collector 20.1 (as also used by Space Security Director) cves: cve-2021-4104: investigated: false @@ -1686,10 +4029,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1701,13 +4045,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks - product: '' + product: User Engagement Virtual BLE cves: cve-2021-4104: investigated: false @@ -1715,10 +4059,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1734,9 +4079,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Justice Systems - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1763,5 +4108,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 79eb59c..2f4d413 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: K15t - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -32,9 +32,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: K6 - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -61,9 +61,69 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.28.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.26.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' - vendor: Karakun - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -90,9 +150,339 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaseya + product: AuthAnvil + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Kaseya - product: '' + product: Vorex cves: cve-2021-4104: investigated: false @@ -100,10 +490,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: VSA SaaS and VSA On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -119,9 +540,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Keeper Security - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: KeePass + product: All cves: cve-2021-4104: investigated: false @@ -129,10 +550,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keeper + product: All + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -148,9 +600,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: KEMP - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kemp + product: All cves: cve-2021-4104: investigated: false @@ -175,11 +627,41 @@ software: vendor_links: - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit notes: '' + references: + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keycloak + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/keycloak/keycloak/discussions/9078 + notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: KEMP 2 - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Capture cves: cve-2021-4104: investigated: false @@ -187,10 +669,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Communication Manager + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.3 - 5.5 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -202,13 +715,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax - product: '' + product: Robot File System (RFS) cves: cve-2021-4104: investigated: false @@ -216,10 +729,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=10.7' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robotic Process Automation (RPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.1' + - '11.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -231,13 +776,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -264,9 +809,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -293,9 +838,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -322,5 +867,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_L.yml b/data/cisagov_L.yml index 11c83aa..36b25ab 100644 --- a/data/cisagov_L.yml +++ b/data/cisagov_L.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: L3Harris Geospatial product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lancom Systems product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lansweeper product: '' cves: @@ -119,7 +119,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Laserfiche product: '' cves: @@ -148,7 +148,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LastPass product: '' cves: @@ -177,7 +177,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LaunchDarkly product: '' cves: @@ -206,7 +206,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Leanix product: '' cves: @@ -235,7 +235,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Leica BIOSYSTEMS product: Aperio AT2 cves: @@ -614,7 +614,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND-ADVANCE + product: BOND Controller cves: cve-2021-4104: investigated: false @@ -643,7 +643,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND Controller + product: BOND RX cves: cve-2021-4104: investigated: false @@ -672,7 +672,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND-III + product: BOND RXm cves: cve-2021-4104: investigated: false @@ -701,7 +701,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND-MAX + product: BOND-ADVANCE cves: cve-2021-4104: investigated: false @@ -730,7 +730,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND RX + product: BOND-III cves: cve-2021-4104: investigated: false @@ -759,7 +759,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND RXm + product: BOND-MAX cves: cve-2021-4104: investigated: false @@ -2415,7 +2415,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Let's Encrypt product: '' cves: @@ -2444,7 +2444,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LibreNMS product: '' cves: @@ -2473,7 +2473,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LifeRay product: '' cves: @@ -2502,7 +2502,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LifeSize product: '' cves: @@ -2531,7 +2531,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lightbend product: '' cves: @@ -2560,7 +2560,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lime CRM product: '' cves: @@ -2589,7 +2589,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LIONGARD product: '' cves: @@ -2618,7 +2618,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LiquidFiles product: '' cves: @@ -2647,7 +2647,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LiveAction product: '' cves: @@ -2676,7 +2676,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Loftware product: '' cves: @@ -2705,7 +2705,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LOGalyze product: SIEM & log analyzer tool cves: @@ -2766,7 +2766,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogicMonitor product: LogicMonitor Platform cves: @@ -2795,7 +2795,37 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Logit.io + product: Logit.io Platform + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logit.io/blog/post/logit-io-log4shell-security-update + notes: '' + references: + - '' + last_updated: '2022-02-07T07:10:00+00:00' - vendor: LogMeIn product: '' cves: @@ -2824,7 +2854,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogRhythm product: '' cves: @@ -2853,7 +2883,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Looker product: Looker cves: @@ -2888,7 +2918,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LucaNet product: '' cves: @@ -2917,7 +2947,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lucee product: '' cves: @@ -2946,7 +2976,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lyrasis product: Fedora Repository cves: diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index c96ff4b..b87271f 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Maltego product: '' cves: @@ -61,9 +61,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ManageEngine - product: Servicedesk Plus + product: AD SelfService Plus cves: cve-2021-4104: investigated: false @@ -72,10 +72,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 11305 and below + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Build 6.1 build 6114 cve-2021-45046: investigated: false affected_versions: [] @@ -86,14 +86,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.manageengine.com/products/service-desk/security-response-plan.html + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2021-12-27T00:00:00' - vendor: ManageEngine - product: AD SelfService Plus + product: Servicedesk Plus cves: cve-2021-4104: investigated: false @@ -102,10 +101,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 11305 and below fixed_versions: [] - unaffected_versions: - - Build 6.1 build 6114 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -116,11 +115,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.manageengine.com/products/service-desk/security-response-plan.html notes: '' references: - '' - last_updated: '2021-12-27T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: ManageEngine Zoho product: '' cves: @@ -149,9 +149,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ManageEngine Zoho - product: ADManager Plus + product: ADAudit Plus cves: cve-2021-4104: investigated: false @@ -160,8 +160,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -181,7 +180,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: ADAudit Plus + product: ADManager Plus cves: cve-2021-4104: investigated: false @@ -190,8 +189,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -211,7 +209,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: DataSecurity Plus + product: Analytics Plus cves: cve-2021-4104: investigated: false @@ -220,8 +218,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -241,7 +238,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: EventLog Analyzer + product: Cloud Security Plus cves: cve-2021-4104: investigated: false @@ -250,8 +247,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -271,7 +267,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: M365 Manager Plus + product: DataSecurity Plus cves: cve-2021-4104: investigated: false @@ -280,8 +276,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -301,7 +296,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: RecoveryManager Plus + product: EventLog Analyzer cves: cve-2021-4104: investigated: false @@ -310,8 +305,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -340,8 +334,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -370,8 +363,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -400,8 +392,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -421,7 +412,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Cloud Security Plus + product: M365 Manager Plus cves: cve-2021-4104: investigated: false @@ -430,8 +421,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -460,8 +450,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -481,7 +470,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Analytics Plus + product: RecoveryManager Plus cves: cve-2021-4104: investigated: false @@ -490,8 +479,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -538,7 +526,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MathWorks product: All MathWorks general release desktop or server products cves: @@ -581,7 +569,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -656,7 +644,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mattermost FocalBoard product: '' cves: @@ -685,7 +673,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: McAfee product: Data Exchange Layer (DXL) Client cves: @@ -939,7 +927,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: ePolicy Orchestrator Application Server (ePO) + product: Enterprise Security Manager (ESM) cves: cve-2021-4104: investigated: false @@ -950,7 +938,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 5.10 CU11 + - 11.5.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -997,7 +985,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Host Intrusion Prevention (Host IPS) + product: ePolicy Orchestrator Application Server (ePO) cves: cve-2021-4104: investigated: false @@ -1005,9 +993,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.10 CU11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1019,13 +1008,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Management of Native Encryption (MNE) + product: Host Intrusion Prevention (Host IPS) cves: cve-2021-4104: investigated: false @@ -1053,7 +1043,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Active Response (MAR) + product: Management of Native Encryption (MNE) cves: cve-2021-4104: investigated: false @@ -1081,7 +1071,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Agent (MA) + product: McAfee Active Response (MAR) cves: cve-2021-4104: investigated: false @@ -1109,7 +1099,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Linux + product: McAfee Agent (MA) cves: cve-2021-4104: investigated: false @@ -1137,7 +1127,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Windows + product: McAfee Application and Change Control (MACC) for Linux cves: cve-2021-4104: investigated: false @@ -1165,7 +1155,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Client Proxy (MCP) for Mac + product: McAfee Application and Change Control (MACC) for Windows cves: cve-2021-4104: investigated: false @@ -1193,7 +1183,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Client Proxy (MCP) for Windows + product: McAfee Client Proxy (MCP) for Mac cves: cve-2021-4104: investigated: false @@ -1221,7 +1211,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Drive Encryption (MDE) + product: McAfee Client Proxy (MCP) for Windows cves: cve-2021-4104: investigated: false @@ -1249,7 +1239,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Security for Microsoft Exchange (MSME) + product: McAfee Drive Encryption (MDE) cves: cve-2021-4104: investigated: false @@ -1277,7 +1267,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Security for Microsoft SharePoint (MSMS) + product: McAfee Security for Microsoft Exchange (MSME) cves: cve-2021-4104: investigated: false @@ -1333,7 +1323,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Enterprise Security Manager (ESM) + product: McAfee Security for Microsoft SharePoint (MSMS) cves: cve-2021-4104: investigated: false @@ -1341,10 +1331,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 11.5.3 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1356,8 +1345,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + vendor_links: [] notes: '' references: - '' @@ -1561,7 +1549,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MEINBERG product: LANTIME and microSync cves: @@ -1619,7 +1607,7 @@ software: notes: Project is written in Python references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Memurai product: '' cves: @@ -1649,8 +1637,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MicroFocus - product: '' + - vendor: Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -1658,9 +1646,19 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.20' + - '10.30' + - '10.40' + - '10.50' + - '10.60' + - '10.70' + - '10.80' + - '10.90' + - '10.91' + - '11.00' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1673,13 +1671,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228 + - https://portal.microfocus.com/s/article/KM000003052 notes: '' references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-13T00:00:00' - vendor: Microsoft - product: Azure Application Gateway + product: Azure API Gateway cves: cve-2021-4104: investigated: false @@ -1706,9 +1704,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft - product: Azure API Gateway + product: Azure Application Gateway cves: cve-2021-4104: investigated: false @@ -1735,7 +1733,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure Data lake store java cves: @@ -1765,7 +1763,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure Data lake store java cves: @@ -1795,9 +1793,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft - product: Azure DevOps Server + product: Azure DevOps cves: cve-2021-4104: investigated: false @@ -1805,9 +1803,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2019.0 - 2020.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1825,9 +1822,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft - product: Azure DevOps + product: Azure DevOps Server cves: cve-2021-4104: investigated: false @@ -1835,8 +1832,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2019.0 - 2020.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1854,7 +1852,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure Traffic Manager cves: @@ -1883,7 +1881,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Team Foundation Server cves: @@ -1913,7 +1911,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microstrategy product: '' cves: @@ -2000,7 +1998,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Milestone sys product: '' cves: @@ -2029,7 +2027,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mimecast product: '' cves: @@ -2058,7 +2056,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Minecraft product: '' cves: @@ -2087,7 +2085,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mirantis product: '' cves: @@ -2116,7 +2114,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Miro product: '' cves: @@ -2145,7 +2143,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mitel product: '' cves: @@ -2174,7 +2172,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MMM Group product: Control software of all MMM series cves: @@ -2233,143 +2231,6 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' - - vendor: MobileIron - product: Core - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Core Connector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Reporting Database (RDB) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Sentry - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - '9.13' - - '9.14' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - vendor: MongoDB product: All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) @@ -2399,7 +2260,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Atlas Search cves: @@ -2428,7 +2289,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) @@ -2458,7 +2319,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Drivers cves: @@ -2487,7 +2348,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) @@ -2517,7 +2378,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Realm (including Realm Database, Sync, Functions, APIs) cves: @@ -2546,7 +2407,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) @@ -2576,7 +2437,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Moodle product: '' cves: @@ -2605,7 +2466,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MoogSoft product: '' cves: @@ -2634,7 +2495,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Motorola Avigilon product: '' cves: @@ -2664,6 +2525,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Moxa + product: '' + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability + notes: Moxa is investigating to determine if any of our products are affected + by this vulnerability. At the time of publication, none of Moxa's products are + affected. + references: + - '' + last_updated: '2022-01-19T00:00:00' - vendor: Mulesoft product: '' cves: @@ -2693,9 +2586,9 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mulesoft - product: Mule Runtime + product: Anypoint Studio cves: cve-2021-4104: investigated: false @@ -2705,8 +2598,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.x - - 4.x + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2727,7 +2619,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Mulesoft - product: Mule Agent + product: Cloudhub cves: cve-2021-4104: investigated: false @@ -2735,9 +2627,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2758,7 +2649,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Mulesoft - product: Cloudhub + product: Mule Agent cves: cve-2021-4104: investigated: false @@ -2766,8 +2657,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2788,7 +2680,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Mulesoft - product: Anypoint Studio + product: Mule Runtime cves: cve-2021-4104: investigated: false @@ -2798,7 +2690,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.x + - 3.x + - 4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 3ce3b55..596c681 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nagios product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NAKIVO product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: National Instruments product: OptimalPlus cves: @@ -102,9 +102,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Vertica' - - 'Cloudera' - - 'Logstash' + - Vertica + - Cloudera + - Logstash fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -136,7 +136,7 @@ software: investigated: true affected_versions: - '>4.2' - - '<4..2.12' + - <4..2.12 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -182,7 +182,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Netcup product: '' cves: @@ -211,7 +211,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NetGate PFSense product: '' cves: @@ -240,7 +240,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Netwrix product: '' cves: @@ -269,7 +269,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: New Relic product: Containerized Private Minion (CPM) cves: @@ -282,7 +282,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.0.57' + - 3.0.57 unaffected_versions: [] cve-2021-45046: investigated: false @@ -312,7 +312,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '<7.4.3' + - <7.4.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -360,7 +360,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nextflow product: Nextflow cves: @@ -374,7 +374,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '21.04.0.5552' + - 21.04.0.5552 cve-2021-45046: investigated: false affected_versions: [] @@ -448,7 +448,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NinjaRMM product: '' cves: @@ -478,7 +478,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nomachine product: '' cves: @@ -507,7 +507,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NoviFlow product: '' cves: @@ -536,7 +536,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Backlog cves: @@ -566,7 +566,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Backlog Enterprise (On-premises) cves: @@ -596,7 +596,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Cacoo cves: @@ -626,7 +626,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Cacoo Enterprise (On-premises) cves: @@ -656,7 +656,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Typetalk cves: @@ -686,7 +686,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nutanix product: AHV cves: @@ -1343,7 +1343,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Leap + product: LCM cves: cve-2021-4104: investigated: false @@ -1351,10 +1351,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1367,12 +1368,12 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: LCM + product: Leap cves: cve-2021-4104: investigated: false @@ -1380,11 +1381,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1397,7 +1397,7 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + notes: Saas-Based Procuct. See Advisory. references: - '' last_updated: '2021-12-20T00:00:00' @@ -1758,7 +1758,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NXLog product: '' cves: @@ -1787,5 +1787,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_Non-Alphabet.yml b/data/cisagov_Non-Alphabet.yml index 082f969..0a182af 100644 --- a/data/cisagov_Non-Alphabet.yml +++ b/data/cisagov_Non-Alphabet.yml @@ -154,4 +154,35 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: 7Signal + product: Sapphire + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.7signal.com/info/se-release-notes + notes: Fix released 2021-12-14 + references: + - '' + last_updated: '2021-12-14T00:00:00' ... diff --git a/data/cisagov_O.yml b/data/cisagov_O.yml index 4751f7c..bf866b1 100644 --- a/data/cisagov_O.yml +++ b/data/cisagov_O.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OCLC product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Octopus product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Okta product: Advanced Server Access cves: @@ -295,7 +295,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta RADIUS Server Agent + product: Okta On-Prem MFA Agent cves: cve-2021-4104: investigated: false @@ -305,7 +305,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.17.0 + - < 1.4.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -319,13 +319,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 + - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta Verify + product: Okta RADIUS Server Agent cves: cve-2021-4104: investigated: false @@ -333,8 +333,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 2.17.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -348,13 +349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta Workflows + product: Okta Verify cves: cve-2021-4104: investigated: false @@ -383,7 +384,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta On-Prem MFA Agent + product: Okta Workflows cves: cve-2021-4104: investigated: false @@ -391,9 +392,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 1.4.6 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -407,7 +407,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' @@ -440,7 +440,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Opengear product: '' cves: @@ -469,7 +469,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenMRS TALK product: '' cves: @@ -498,7 +498,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenNMS product: '' cves: @@ -527,7 +527,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenSearch product: '' cves: @@ -556,7 +556,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenText product: '' cves: @@ -587,7 +587,7 @@ software: - '' last_updated: '2021-12-23T00:00:00' - vendor: Opto 22 - product: GRV-EPIC-PR1, GRV-EPIC-PR2 + product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP cves: cve-2021-4104: investigated: false @@ -597,9 +597,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 3.3.2 + - < 4.3g fixed_versions: - - 3.3.2 + - 4.3g unaffected_versions: [] cve-2021-45046: investigated: false @@ -618,7 +618,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Opto 22 - product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP + product: GROOV-AT1, GROOV-AT1-SNAP cves: cve-2021-4104: investigated: false @@ -649,7 +649,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Opto 22 - product: GROOV-AT1, GROOV-AT1-SNAP + product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP cves: cve-2021-4104: investigated: false @@ -680,7 +680,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Opto 22 - product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP + product: GRV-EPIC-PR1, GRV-EPIC-PR2 cves: cve-2021-4104: investigated: false @@ -690,9 +690,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 4.3g + - < 3.3.2 fixed_versions: - - 4.3g + - 3.3.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -741,7 +741,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Oracle - product: Exadata + product: Enterprise Manager cves: cve-2021-4104: investigated: false @@ -751,7 +751,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - <21.3.4 + - '13.5' + - 13.4 & 13.3.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -773,7 +774,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Oracle - product: Enterprise Manager + product: Exadata cves: cve-2021-4104: investigated: false @@ -783,8 +784,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '13.5' - - 13.4 & 13.3.2 + - <21.3.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -833,7 +833,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Osirium product: PAM cves: @@ -862,7 +862,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Osirium product: PEM cves: @@ -891,7 +891,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Osirium product: PPA cves: @@ -920,7 +920,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OTRS product: '' cves: @@ -949,7 +949,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OVHCloud product: '' cves: @@ -978,7 +978,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OwnCloud product: '' cves: @@ -1007,7 +1007,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OxygenXML product: Author cves: diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 4dbb587..fb32ba9 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -4,8 +4,38 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: Paessler + product: PRTG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.rundeck.com/docs/history/CVEs/#log4shell-cves + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' - vendor: PagerDuty - product: PagerDuty SaaS + product: PagerDuty Rundeck cves: cve-2021-4104: investigated: false @@ -13,10 +43,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.3+ + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability + notes: We currently see no evidence of compromises on our platform. Our teams + continue to monitor for new developments and for impacts on sub-processors and + dependent systems. PagerDuty SaaS customers do not need to take any additional + action for their PagerDuty SaaS environment. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: PagerDuty + product: PagerDuty SaaS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -36,4 +100,8033 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: Palantir + product: Palantir AI Inference Platform (AIP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: Fully remediated as of 1.97.0. Disconnected customer instances may require + manual updates. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Apollo + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact, and updates have been deployed for full remediation. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Foundry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Gotham + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palo-Alto Networks + product: Bridgecrew + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: CloudGenix + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Data Lake + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XDR Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Xpanse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XSOAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Exact Data Matching CLI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Expedition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: GlobalProtect App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: IoT Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Okyo Grade + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-DB Private Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Firewall and Wildfire + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Panorama + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 9.0.15 + - 9.1.12-h3 + - 10.0.8-h8 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will + be updated when hot fixes for the affected Panorama versions are available. + PAN-OS for Panorama versions 8.1, 10.1 are not affected. + last_updated: '2021-12-15T00:00:00' + - vendor: Palo-Alto Networks + product: Prisma Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud Compute + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma SD-WAN (CloudGenix) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: SaaS Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: User-ID Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Panasonic + product: KX-HDV100 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV130 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV230 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV330 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV340 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV430 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV800 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP500 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP550 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP600 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP700 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UDS124 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT113 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT123 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT133 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT136 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT248 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT670 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panopto + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PaperCut + product: PaperCut Hive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut MF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 21.0 and later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut MobilityPrint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut MultiVerse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut NG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 21.0 and later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Online Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Pocket + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Print Logger + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Views + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Parallels + product: Remote Application Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.parallels.com/en/128696 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Parse.ly + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.parse.ly/parse-ly-log4shell/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PBXMonitor + product: RMM for 3CX PBX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pbxmonitor.net/changelog.php + notes: Mirror Servers were also checked to ensure Log4J was not installed or being + used by any of our systems. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: PDQ + product: Deploy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/?utm_content=190941012&utm_medium=social&utm_source=twitter&hss_channel=tw-90432152 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PDQ + product: Inventory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/?utm_content=190941012&utm_medium=social&utm_source=twitter&hss_channel=tw-90432152 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Pega + product: Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 7.3.x - 8.6.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + notes: Hotfixes made available for registered customers by Pega. When using Stream + nodes, the embedded Kafka instances require a separate hotfix to be installed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pentaho + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pepperl+Fuchs + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pepperl-fuchs.com/global/en/29079.htm + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Percona + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.percona.com/blog/log4jshell-vulnerability-update/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Personio + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.personio.de/incidents/kn4c6mf6lpdv + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Endpoint Activation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Eptools + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Infinity + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Infinity Connect Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Microsoft Teams Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: My Meeting Video + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Reverse Proxy and TURN Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: VMR Self-Service Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Phenix Id + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.phenixid.se/uncategorized/log4j-fix/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Philips + product: Event Analytics (All VUE PACS Versions) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: HealthSuite Marketplace + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment has deployed a patch. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliBridge Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - B.13 + - B.15 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided it is customer responsibility to validate + and deploy patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSite Pathology Solution 5.1 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - L1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v11 and above + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace PACS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment is evaluating the VMware provided workaround + and in the process of deploying for managed service customers. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace Portal Server/workstation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v9 and above + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Pathology De-identifier 1.0 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - L1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Performance Bridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.0 with Practice + - '3.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Pinnacle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 18.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Protocol Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Protocol Applications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '1.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Report Analytics (All VUE PACS Versions) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: RIS Clinic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Scanner Protocol Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '1.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Tasy EMR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Univeral Data Manager (UDM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment is evaluating the VMware provided workaround + and in the process of deploying for managed service customers. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: VuePACS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 12.2.8 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: PHOENIX CONTACT + product: Cloud Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 + notes: Cloud Services were either not vulnerable or are completely fixed. No exploits + observed. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Physical products containing firmware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Software Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Ping Identity + product: PingAccess + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.0 <= version <= 6.3.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingCentral + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 8.0 <= version <= 10.3.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate Java Integration Kit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 2.7.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate OAuth Playground + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 4.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingIntelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pitney Bowes + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planmeca + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planon Software + product: Planon Universe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/ + notes: This advisory is available for customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Platform.SH + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plesk + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plex + product: Plex Industrial IoT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: This advisory is available to customer only and has not been reviewed by + CISA. Mitigation already applied, patch available. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Plex + product: Plex Media Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Polycom + product: Cloud Relay (OTD and RealConnect hybrid use case) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly Clariti Core/Edge (a.k.a. DMA/CCE) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 9.0 and above + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly Clariti Relay + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.0.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly RealConnect for Microsoft Teams and Skype for Business + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: RealAccess + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Portainer + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PortSwigger + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Postgres + product: PostgreSQL JDBC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Postman + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Power Admin LLC + product: PA File Sight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Server Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Storage Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: dnsdist + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: metronome + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: PowerDNS Authoritative Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: PowerDNS Recursor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Pretix + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://pretix.eu/about/de/blog/20211213-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PrimeKey + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Procentec (HMS Group) + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://mailchi.mp/procentec.com/security_message + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress + product: DataDirect Hybrid Data Pipeline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress + product: OpenEdge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProofPoint + product: Archiving Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Archiving Backend + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloud App Security Broker + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloudmark Cloud/Cloudmark Hybrid + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloudmark On-Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Compliance Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Content Patrol + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Data Discover + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: DLP Core Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Community + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Fraud Defense (EFD) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Protecton OnDemand (PoD), including Email DLP and Email Encryption + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Security Relay + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Endpoint DLP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Essentials Archive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Essentials Email + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Insider Threat Management Saas + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Insiders Threat Management On-Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Isolation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: ITM Saas Endpoint Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Mail Protection On-Premise (PPS), including Email DLP and Email Encryption + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Meta/ZTNA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Nexus People Risk Explorer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Secure Email Relay + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Secure Share + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Security Awareness Training + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Sentrion + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Social Discover + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Social Patrol + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Targeted Attack Protection (TAP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Threat Response (TRAP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Web Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Web Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProSeS + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Prosys + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://prosysopc.com/news/important-security-release/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: Backup Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: Mail Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: VE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PRTG Paessler + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTC + product: ACA Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Adapter Toolkit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: AdaWorld + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ApexAda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Arbortext Editor, Styler, and Publishing Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>8.0.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Arena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Axeda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Axeda Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 6.9.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo Elements/Direct Model Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo Parametric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo View + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Flexnet License Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 12.0.2.2 (CPS03) + - 12.0.2.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - <= 11.1 M020 + - 11.2.1 + - 12.0.0 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 12.0.2.0 (CPS01 and CPS02) + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Implementer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Intellicus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=19.1 SP11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: OnShape + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Servigistics Service Parts Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.1' + - '12.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Servigistics Service Parts Pricing + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.1' + - '12.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Advisor Apps + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx DPM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Extensions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Flow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Kepware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <=1.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Manufacturing Apps + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Navigate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '9.1' + - '9.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Ping Federate Integration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=9.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=8.5.7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Platform High Availability + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '9.0' + - '9.1' + - '9.2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: WCTK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 12.0.2.2 (CPS03) + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 12.0.2.0 (CPS01 & CPS02) + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - <=11.2 M020 + - 11.2.1 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Performance Advisor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Rest Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill RV&S(Integrity Lifcycle Manager) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.6/8.6 4.6 SP0 to 12.5 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Workgroup Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTV Group + product: Map&Market + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '> 2017' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: Map&Market + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - < 2018 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Arrival Board + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Balance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Content Update Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2 (on prem) + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Developer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Drive&Arrive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Drive&Arrive App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV EM Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Epics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Hyperpath + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV MaaS Modeller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Map&Guide Intranet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Navigator App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Navigator License Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Optima + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Road Editor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimiser CL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimiser ST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - on prem xServer2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimiser ST (TourOpt) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimizer Saas/Demonstrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV TLN Planner Internet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV TRE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Tre-Addin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Trip Creator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Vissim + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Vistad Euska + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Vistro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Visum + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Visum Publisher + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Viswalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.34 (on prem) + - 2 (on prem) + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - < 1.34 (on prem) + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer Internet 1 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer Internet 2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Connect Secure (ICS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for Secure Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Connect Secure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Desktop Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Mobile Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse One + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Policy Secure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Services Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Virtual Traffic Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Web Application Firewall + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse ZTA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet + product: Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet + product: Continuous Delivery for Puppet Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.x + - < 4.10.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet + product: Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: Cloud Blockstore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - CBS6.1.x + - CBS6.2.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Flash Array + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.3.x + - 6.0.x + - 6.1.x + - 6.2.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Flash Blade + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.1.x + - 3.2.x + - 3.3.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: PortWorx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.8.0+ + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Pure1 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: VM Analytics OVA Collector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < v3.1.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: PuTTY + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.chiark.greenend.org.uk/~sgtatham/putty/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pyramid Analytics + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index d877f90..5f2d36c 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -4,8 +4,871 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: Qconference + product: FaceTalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/ + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' - vendor: QF-Test - product: '' + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qlik + product: AIS, including ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Attunity Visibility + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: AutoML + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Blendr + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DW + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - 6.6.1 + - '7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.10.0 + - 4.10.1 + - 4.10.2 + - 4.11.0 + - 4.11.1 + - 4.12.0 + - 4.12.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2021.2' + - '2021.5' + - '2021.8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Lakes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Wharehouses + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + - 6.6.1 + - '7.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Plus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.26.5 + - 5.27.5 - 5.28.2 + - 5.29.4 - 5.30.1 + - 5.31.1 + - 5.31.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.19.1 - 4.27.3 + - 4.23.4 + - 4.32.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nodegraph + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nprinting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: ODBC Connector Package + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: QEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Alerting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - May 2021 release and after + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Data Transfer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Enterprise Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Forts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik RepliWeb and ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Business + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise SaaS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik View + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Web Connectors cves: cve-2021-4104: investigated: false @@ -13,10 +876,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -28,13 +892,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Qlik - product: '' + product: Replicate cves: cve-2021-4104: investigated: false @@ -42,10 +906,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: REST Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -61,9 +959,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: QMATIC - product: Orchestra Central + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Salesforce and SAP Connectors cves: cve-2021-4104: investigated: false @@ -75,7 +973,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 6.0+ + - All cve-2021-45046: investigated: false affected_versions: [] @@ -87,11 +985,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: '' + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: Connectos are not affected. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: QMATIC product: Appointment Booking cves: @@ -102,9 +1000,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 2.4+ - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -122,6 +1020,36 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Appointment Booking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud/Managed Service + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: log4j 2.16 applied 2021-12-15 + references: + - '' + last_updated: '2021-12-21T00:00:00' - vendor: QMATIC product: Insights cves: @@ -132,9 +1060,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -153,7 +1081,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: QMATIC - product: Appointment Booking + product: Orchestra Central cves: cve-2021-4104: investigated: false @@ -162,10 +1090,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Cloud/Managed Service + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 6.0+ cve-2021-45046: investigated: false affected_versions: [] @@ -178,12 +1106,72 @@ software: unaffected_versions: [] vendor_links: - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-15 + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: QNAP - product: '' + product: QES Operating System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: Qsirch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QTS Operating System cves: cve-2021-4104: investigated: false @@ -191,10 +1179,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QuTS Hero Operating System + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -210,9 +1229,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QOPPA - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -239,9 +1258,38 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOS.ch + product: SLF4J Simple Logging Facade for Java + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.slf4j.org/log4shell.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QSC Q-SYS - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -268,9 +1316,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -297,9 +1345,39 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Quest Global - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5.9' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight cves: cve-2021-4104: investigated: false @@ -307,10 +1385,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Quest KACE SMA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -326,5 +1435,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_R.yml b/data/cisagov_R.yml index a8df413..ab52902 100644 --- a/data/cisagov_R.yml +++ b/data/cisagov_R.yml @@ -4,6 +4,2861 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: R + product: R + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 4.1.1 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.r-project.org/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: R2ediviewer + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Radware + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.radware.com/app/answers/answer_view/a_id/1029752 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rapid7 + product: AlcidekArt, kAdvisor, and kAudit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Insight Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightCloudSec/DivvyCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightConnect Orchestrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR Network Sensor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR/InsightOps Collector & Event Sources + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps DataHub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - InsightOps DataHub <= 2.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) + using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps non-Java logging libraries + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps r7insight_java logging library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <=3.0.8 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM Kubernetes Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: IntSights virtual appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries DataHub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: 'Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). + Windows: Run version 1.2.0.822 in a Docker container or as a Java command per + these [instructions](https://docs.logentries.com/docs/datahub-windows). You + can find more details [here](https://docs.logentries.com/docs/datahub-linux).' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries le_java logging library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All versions: this is a deprecated component' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Framework + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Metasploit Pro ships with log4j but has specific configurations applied + to it that mitigate Log4Shell. A future update will contain a fully patched + version of log4j. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: tCell Java Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Velociraptor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Raritan + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.raritan.com/support + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ravelin + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Real-Time Innovations (RTI) + product: Distributed Logger + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: Recording Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Administration Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - as part of RTI Connext Micro 3.0.0 + - 3.0.1 + - 3.0.2 + - 3.0.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - as part of RTI Connext Professional 6.0.0 and 6.0.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Red Hat + product: log4j-core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel K + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat build of Quarkus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat CodeReady Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 12.21.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Data Grid + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Decision Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel Quarkus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss A-MQ Streaming + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform Expansion Pack + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Fuse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Process Automation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Single Sign-On + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Vert.X + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Satellite 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Spacewalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 3.11 + product: openshift3/ose-logging-elasticsearch5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-logging-elasticsearch6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-hive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-presto + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Logging + product: logging-elasticsearch6-container + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenStack Platform 13 (Queens) + product: opendaylight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: End of Life + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-java-common-log4j + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven35-log4j12 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven36-log4j12 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red5Pro + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RedGate + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Redis + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://redis.com/security/notice-apache-log4j2-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Reiner SCT + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ReportURI + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ResMed + product: AirView + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.resmed.com/en-us/security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: ResMed + product: myAir + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.resmed.com/en-us/security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Respondus + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.respondus.com/support/index.php?/News/NewsItem/View/339 + notes: This advisory is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Revenera / Flexera + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ricoh + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ricoh.com/info/2021/1215_1/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RingCentral + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ringcentral.com/trust-center/security-bulletin.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Riverbed + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://supportkb.riverbed.com/support/index?page=content&id=S35645 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataFlowML + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 4.00.00 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataView + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.03.00 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Industrial Data Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Gen 1 + - Gen 2 + - Gen 3 + - Gen 3.5 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: MES EIG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.03.00 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: Customers should upgrade to EIG Hub if possible or work with their local + representatives about alternative solutions. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: VersaVirtual + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Series A + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Warehouse Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 4.01.00 + - 4.02.00 + - 4.02.01 + - 4.02.02 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rollbar + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rollbar.com/blog/log4j-zero-day-2021-log4shell/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rosette.com + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager Prime + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager WebTier + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Identity Router + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA Netwitness + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rstudioapi + product: Rstudioapi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '0.13' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/rstudio/rstudioapi + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Rubrik + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK + notes: This advisory is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ruckus + product: Virtual SmartZone (vSZ) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.1 to 6.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ruckuswireless.com/security_bulletins/313 + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: RunDeck by PagerDuty + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.rundeck.com/docs/history/CVEs/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Runecast product: Runecast Analyzer cves: @@ -33,5 +2888,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 3ef818e..16e171e 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SAFE FME Server product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SAGE product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SailPoint product: '' cves: @@ -120,7 +120,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Salesforce product: Analytics Cloud cves: @@ -130,14 +130,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -146,12 +148,12 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Analytics Cloud is reported to be affected by CVE-2021-44228. Services - have been updated to mitigate the issues identified in CVE-2021-44228 and we - are executing our final validation steps."' + notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: B2C Commerce Cloud cves: @@ -161,14 +163,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -177,11 +181,12 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"B2C Commerce Cloud is reported to be affected by CVE-2021-44228. The - service is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: ClickSoftware (As-a-Service) cves: @@ -191,14 +196,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -207,11 +214,12 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"ClickSoftware (As-a-Service) is reported to be affected by CVE-2021-44228. - The service is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: ClickSoftware (On-Premise) cves: @@ -221,14 +229,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -237,12 +247,15 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Please contact Customer Support."' + notes: ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional + details are available here. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce - product: Community Cloud + product: Data.com cves: cve-2021-4104: investigated: false @@ -250,14 +263,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -266,13 +281,14 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Community Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce - product: Data.com + product: DataLoader cves: cve-2021-4104: investigated: false @@ -280,14 +296,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>=53.0.2' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>=53.0.2' unaffected_versions: [] cve-2021-45105: investigated: false @@ -295,15 +313,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Data.com is reported to be affected by CVE-2021-44228. The service has - a mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2 + notes: This version is for use with Salesforce Winter '22 or higher release through + Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for + CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce - product: DataLoader + product: Datorama cves: cve-2021-4104: investigated: false @@ -314,12 +332,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - <=53.0.0 + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -327,13 +346,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce - product: Datorama + product: Evergage (Interaction Studio) cves: cve-2021-4104: investigated: false @@ -341,14 +362,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -357,14 +380,14 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Datorama is reported to be affected by CVE-2021-44228. The service has - a mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce - product: Evergage (Interaction Studio) + product: Experience (Community) Cloud cves: cve-2021-4104: investigated: false @@ -372,14 +395,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -388,12 +413,12 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. - Services have been updated to mitigate the issues identified in CVE-2021-44228 - and we are executing our final validation steps."' + notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Force.com cves: @@ -403,14 +428,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -419,11 +446,15 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Force.com is reported to be affected by CVE-2021-44228. The service is - being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been + patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + Make sure that you are using Data Loader version 53.0.2 or later. Follow the + steps described here to download the latest version of Data Loader. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Heroku cves: @@ -433,15 +464,17 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] @@ -449,11 +482,11 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Heroku is reported to not be affected by CVE-2021-44228; no further action - is necessary at this time."' + notes: Heroku is reported to not be affected by the issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Marketing Cloud cves: @@ -463,14 +496,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -479,11 +514,13 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Marketing Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Salesforce-owned services within Marketing Cloud are not affected by the + issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party + vendors have been patched to address the security issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: MuleSoft (Cloud) cves: @@ -493,14 +530,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -509,11 +548,13 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"MuleSoft (Cloud) is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft + services, including dataloader.io, have been updated to mitigate the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: MuleSoft (On-Premise) cves: @@ -523,14 +564,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -539,10 +582,14 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Please contact Customer Support."' + notes: MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors, including Private Cloud Edition + (PCE) and Anypoint Studio, have a mitigation in place to address the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Pardot cves: @@ -552,14 +599,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -568,11 +617,12 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Pardot is reported to be affected by CVE-2021-44228. The service is being - updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Sales Cloud cves: @@ -582,14 +632,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -598,11 +650,12 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Sales Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Service Cloud cves: @@ -612,14 +665,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -628,11 +683,12 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Service Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Slack cves: @@ -642,14 +698,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -658,12 +716,13 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Slack is reported to be affected by CVE-2021-44228. The service has a - mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are + available here. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Social Studio cves: @@ -673,14 +732,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -689,12 +750,12 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Social Studio is reported to be affected by CVE-2021-44228. The service - has a mitigation in place and is being updated to remediate the vulnerability - identified in CVE-2021-44228."' + notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Tableau (On-Premise) cves: @@ -721,7 +782,10 @@ software: unaffected_versions: [] vendor_links: - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell - notes: Fixed in 2021.4.1 + notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Patches to address the issues currently identified in both CVE-2021-44228 and + CVE-2021-45046 are available for download. Additional details are available + here. references: - '' last_updated: '2021-12-16T00:00:00' @@ -734,14 +798,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -750,13 +816,14 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Tableau (Online) is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services + have been patched to mitigate the issues currently identified in both CVE-2021-44228 + and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Samsung Electronics America - product: Knox Reseller Portal + product: Knox Admin Portal cves: cve-2021-4104: investigated: false @@ -766,15 +833,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] @@ -787,7 +854,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Manage + product: Knox Asset Intelligence cves: cve-2021-4104: investigated: false @@ -797,15 +864,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] @@ -818,7 +885,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Admin Portal + product: Knox Configure cves: cve-2021-4104: investigated: false @@ -830,13 +897,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -849,7 +916,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Mobile Enrollment + product: Knox E-FOTA One cves: cve-2021-4104: investigated: false @@ -861,13 +928,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -880,7 +947,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Configure + product: Knox Guard cves: cve-2021-4104: investigated: false @@ -892,13 +959,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -911,7 +978,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Asset Intelligence + product: Knox License Management cves: cve-2021-4104: investigated: false @@ -923,13 +990,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -942,7 +1009,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox E-FOTA One + product: Knox Manage cves: cve-2021-4104: investigated: false @@ -952,15 +1019,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] @@ -985,13 +1052,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -1004,7 +1071,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Guard + product: Knox Mobile Enrollment cves: cve-2021-4104: investigated: false @@ -1016,13 +1083,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -1035,7 +1102,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox License Management + product: Knox Reseller Portal cves: cve-2021-4104: investigated: false @@ -1045,15 +1112,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] @@ -1093,7 +1160,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SAP product: '' cves: @@ -1212,7 +1279,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SASSAFRAS product: '' cves: @@ -1241,7 +1308,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Savignano software solutions product: '' cves: @@ -1270,7 +1337,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SBT product: SBT cves: @@ -1330,7 +1397,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ScaleFusion MobileLock Pro product: '' cves: @@ -1359,9 +1426,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Schneider Electric - product: EcoStruxure IT Gateway + product: EASYFIT cves: cve-2021-4104: investigated: false @@ -1370,9 +1437,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - V1.5.0 to V1.13.0 + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1385,13 +1452,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: EcoStruxure IT Expert + product: Ecoreal XL cves: cve-2021-4104: investigated: false @@ -1400,39 +1467,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Cloud - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Facility Expert Small Business - cves: - cve-2021-4104: - investigated: false - affected_versions: [] + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - Cloud - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1450,7 +1488,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Wiser by SE platform + product: EcoStruxure IT Expert cves: cve-2021-4104: investigated: false @@ -1479,7 +1517,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: EASYFIT + product: EcoStruxure IT Gateway cves: cve-2021-4104: investigated: false @@ -1488,9 +1526,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Current software and earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - V1.5.0 to V1.13.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1503,13 +1541,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Ecoreal XL + product: Eurotherm Data Reviewer cves: cve-2021-4104: investigated: false @@ -1519,7 +1557,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - V3.0.2 and prior fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1539,7 +1577,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Eurotherm Data Reviewer + product: Facility Expert Small Business cves: cve-2021-4104: investigated: false @@ -1548,9 +1586,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - V3.0.2 and prior - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -2048,6 +2086,35 @@ software: references: - '' last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Wiser by SE platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' - vendor: Schweitzer Engineering Laboratories product: '' cves: @@ -2105,7 +2172,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ScreenBeam product: '' cves: @@ -2134,7 +2201,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SDL worldServer product: '' cves: @@ -2163,7 +2230,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Seagull Scientific product: '' cves: @@ -2192,7 +2259,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SecurePoint product: '' cves: @@ -2221,7 +2288,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Security Onion product: '' cves: @@ -2250,9 +2317,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Securonix - product: SNYPR Application + product: Extended Detection and Response (XDR) cves: cve-2021-4104: investigated: false @@ -2260,8 +2327,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2275,8 +2343,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf - notes: '' + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' last_updated: '2021-12-10T00:00:00' @@ -2311,7 +2379,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: Securonix - product: User and Entity Behavior Analytics(UEBA) + product: Security Analytics and Operations Platform (SOAR) cves: cve-2021-4104: investigated: false @@ -2341,7 +2409,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: Securonix - product: Security Analytics and Operations Platform (SOAR) + product: SNYPR Application cves: cve-2021-4104: investigated: false @@ -2349,9 +2417,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2365,13 +2432,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf + notes: '' references: - '' last_updated: '2021-12-10T00:00:00' - vendor: Securonix - product: Extended Detection and Response (XDR) + product: User and Entity Behavior Analytics(UEBA) cves: cve-2021-4104: investigated: false @@ -2429,7 +2496,7 @@ software: by CISA. references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SentinelOne product: '' cves: @@ -2458,7 +2525,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sentry product: '' cves: @@ -2487,7 +2554,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SEP product: '' cves: @@ -2516,7 +2583,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Server Eye product: '' cves: @@ -2545,7 +2612,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ServiceNow product: '' cves: @@ -2574,7 +2641,39 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ServiceTitan + product: ServiceTitan + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + vendor_links: + - https://security.servicetitan.com/ + notes: '' + references: + - '' + last_updated: '2022-02-07T00:00:00' - vendor: Shibboleth product: '' cves: @@ -2603,7 +2702,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Shibboleth product: All Products cves: @@ -2663,7 +2762,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Siebel product: '' cves: @@ -2692,7 +2791,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Siemens product: Affected Products cves: @@ -2906,7 +3005,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: DICOM Proxy VB10A + product: Cios Flow S1 / Alpha / Spin VA30 cves: cve-2021-4104: investigated: false @@ -2930,12 +3029,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Somatom Scope Som5 VC50 + product: Cios Select FD/I.I. VA21 / VA21-S3P cves: cve-2021-4104: investigated: false @@ -2964,7 +3063,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Somatom Emotion Som5 VC50 + product: DICOM Proxy VB10A cves: cve-2021-4104: investigated: false @@ -2988,7 +3087,7 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' @@ -3546,7 +3645,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A + product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A cves: cve-2021-4104: investigated: false @@ -3570,12 +3669,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Syngo MobileViewer VA10A + product: Somatom Emotion Som5 VC50 cves: cve-2021-4104: investigated: false @@ -3599,13 +3698,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: The vulnerability will be patch/mitigated in upcoming releases\patches. + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 - / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 + product: Somatom Scope Som5 VC50 cves: cve-2021-4104: investigated: false @@ -3629,13 +3727,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 + product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A cves: cve-2021-4104: investigated: false @@ -3659,15 +3756,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: Please contact your Customer Service to get support on mitigating the vulnerability. + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B - / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 - / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 + product: Syngo MobileViewer VA10A cves: cve-2021-4104: investigated: false @@ -3691,12 +3785,13 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: The vulnerability will be patch/mitigated in upcoming releases/patches. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A + product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 + / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 cves: cve-2021-4104: investigated: false @@ -3720,12 +3815,13 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Cios Select FD/I.I. VA21 / VA21-S3P + product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 + - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 cves: cve-2021-4104: investigated: false @@ -3749,12 +3845,15 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: Please contact your Customer Service to get support on mitigating the vulnerability. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Cios Flow S1 / Alpha / Spin VA30 + product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 + - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B + / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 + / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 cves: cve-2021-4104: investigated: false @@ -3778,7 +3877,7 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' @@ -3899,9 +3998,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sierra Wireless - product: AM/AMM servers + product: AirVantage and Octave cloud platforms cves: cve-2021-4104: investigated: false @@ -3925,12 +4024,13 @@ software: unaffected_versions: [] vendor_links: - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs - notes: '' + notes: These systems do not operate with the specific non-standard configuration + required for CVE-2021-25046 and hence were not vulnerable to it. references: - '' last_updated: '2022-01-05T00:00:00' - vendor: Sierra Wireless - product: AirVantage and Octave cloud platforms + product: AM/AMM servers cves: cve-2021-4104: investigated: false @@ -3954,8 +4054,7 @@ software: unaffected_versions: [] vendor_links: - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs - notes: These systems do not operate with the specific non-standard configuration - required for CVE-2021-25046 and hence were not vulnerable to it. + notes: '' references: - '' last_updated: '2022-01-05T00:00:00' @@ -3987,7 +4086,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Silver Peak product: Orchestrator, Silver Peak GMS cves: @@ -4049,7 +4148,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SISCO product: '' cves: @@ -4107,7 +4206,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Skillable product: '' cves: @@ -4136,7 +4235,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SLF4J product: '' cves: @@ -4165,7 +4264,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Slurm product: Slurm cves: @@ -4253,7 +4352,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SmileCDR product: '' cves: @@ -4282,9 +4381,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Snakemake - product: Snakemake + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sn0m + product: '' cves: cve-2021-4104: investigated: false @@ -4292,11 +4391,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 6.12.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4308,13 +4406,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://snakemake.readthedocs.io/en/stable/ + - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Sn0m - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snakemake + product: Snakemake cves: cve-2021-4104: investigated: false @@ -4322,10 +4420,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 6.12.1 cve-2021-45046: investigated: false affected_versions: [] @@ -4337,11 +4436,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ + - https://snakemake.readthedocs.io/en/stable/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Snow Software product: Snow Commander cves: @@ -4371,7 +4470,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Snow Software product: VM Access Proxy cves: @@ -4401,7 +4500,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Snowflake product: '' cves: @@ -4430,7 +4529,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Snyk product: Cloud Platform cves: @@ -4459,7 +4558,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Software AG product: '' cves: @@ -4488,7 +4587,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SolarWinds product: Database Performance Analyzer (DPA) cves: @@ -4609,7 +4708,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sonatype product: All Products cves: @@ -4645,7 +4744,7 @@ software: - '' last_updated: '2021-12-29T00:00:00' - vendor: SonicWall - product: Capture Client & Capture Client Portal + product: Access Points cves: cve-2021-4104: investigated: false @@ -4669,12 +4768,12 @@ software: unaffected_versions: [] vendor_links: - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the Capture Client. + notes: Log4j2 not used in the SonicWall Access Points references: - '' last_updated: '2021-12-12T00:00:00' - vendor: SonicWall - product: Access Points + product: Analytics cves: cve-2021-4104: investigated: false @@ -4698,12 +4797,12 @@ software: unaffected_versions: [] vendor_links: - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SonicWall Access Points + notes: Under Review references: - '' last_updated: '2021-12-12T00:00:00' - vendor: SonicWall - product: Analytics + product: Analyzer cves: cve-2021-4104: investigated: false @@ -4732,7 +4831,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: SonicWall - product: Analyzer + product: Capture Client & Capture Client Portal cves: cve-2021-4104: investigated: false @@ -4756,7 +4855,7 @@ software: unaffected_versions: [] vendor_links: - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + notes: Log4j2 not used in the Capture Client. references: - '' last_updated: '2021-12-12T00:00:00' @@ -5551,9 +5650,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spacelabs Healthcare - product: XprezzNet + product: ABP cves: cve-2021-4104: investigated: false @@ -5565,7 +5664,9 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '96190' + - OnTrak + - 90217A + - and 90207 cve-2021-45046: investigated: false affected_versions: [] @@ -5583,7 +5684,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) + product: CardioExpress cves: cve-2021-4104: investigated: false @@ -5591,10 +5692,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - SL6A + - SL12A + - and SL18A cve-2021-45046: investigated: false affected_versions: [] @@ -5612,7 +5716,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) Clinical Access Workstations + product: DM3 and DM4 Monitors cves: cve-2021-4104: investigated: false @@ -5641,7 +5745,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Xhibit Telemetry Receiver (XTR) + product: Eclipse Pro cves: cve-2021-4104: investigated: false @@ -5649,11 +5753,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '96280' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5671,7 +5774,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Xhibit, XC4 + product: EVO cves: cve-2021-4104: investigated: false @@ -5679,12 +5782,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Xhibit 96102 - - XC4 96501 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5702,7 +5803,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Xprezzon + product: Intesys Clinical Suite (ICS) cves: cve-2021-4104: investigated: false @@ -5710,11 +5811,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91393' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5732,7 +5832,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Qube + product: Intesys Clinical Suite (ICS) Clinical Access Workstations cves: cve-2021-4104: investigated: false @@ -5740,11 +5840,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91390' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5762,7 +5861,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Qube Mini + product: Lifescreen Pro cves: cve-2021-4104: investigated: false @@ -5770,11 +5869,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91389' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5792,7 +5890,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Ultraview SL + product: Pathfinder SL cves: cve-2021-4104: investigated: false @@ -5800,14 +5898,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '91367' - - '91369' - - '91370' - - and 91387 + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5825,7 +5919,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: DM3 and DM4 Monitors + product: Qube cves: cve-2021-4104: investigated: false @@ -5833,10 +5927,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91390' cve-2021-45046: investigated: false affected_versions: [] @@ -5854,7 +5949,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Sentinel + product: Qube Mini cves: cve-2021-4104: investigated: false @@ -5862,10 +5957,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91389' cve-2021-45046: investigated: false affected_versions: [] @@ -5883,7 +5979,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Pathfinder SL + product: SafeNSound cves: cve-2021-4104: investigated: false @@ -5891,9 +5987,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5907,12 +6004,12 @@ software: unaffected_versions: [] vendor_links: - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' + notes: Version >4.3.1 - Not Affected references: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Lifescreen Pro + product: Sentinel cves: cve-2021-4104: investigated: false @@ -5941,7 +6038,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: EVO + product: Spacelabs Cloud cves: cve-2021-4104: investigated: false @@ -5970,7 +6067,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Eclipse Pro + product: Ultraview SL cves: cve-2021-4104: investigated: false @@ -5978,10 +6075,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91367' + - '91369' + - '91370' + - and 91387 cve-2021-45046: investigated: false affected_versions: [] @@ -5999,7 +6100,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: CardioExpress + product: Xhibit Telemetry Receiver (XTR) cves: cve-2021-4104: investigated: false @@ -6011,9 +6112,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - SL6A - - SL12A - - and SL18A + - '96280' cve-2021-45046: investigated: false affected_versions: [] @@ -6031,7 +6130,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: ABP + product: Xhibit, XC4 cves: cve-2021-4104: investigated: false @@ -6043,9 +6142,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - OnTrak - - 90217A - - and 90207 + - Xhibit 96102 + - XC4 96501 cve-2021-45046: investigated: false affected_versions: [] @@ -6063,7 +6161,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Spacelabs Cloud + product: XprezzNet cves: cve-2021-4104: investigated: false @@ -6071,10 +6169,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '96190' cve-2021-45046: investigated: false affected_versions: [] @@ -6092,7 +6191,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: SafeNSound + product: Xprezzon cves: cve-2021-4104: investigated: false @@ -6102,9 +6201,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 4.3.1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '91393' cve-2021-45046: investigated: false affected_versions: [] @@ -6117,7 +6216,7 @@ software: unaffected_versions: [] vendor_links: - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: Version >4.3.1 - Not Affected + notes: '' references: - '' last_updated: '2022-01-05T00:00:00' @@ -6149,7 +6248,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spigot product: '' cves: @@ -6178,9 +6277,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Splunk - product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) + product: Data Stream Processor cves: cve-2021-4104: investigated: false @@ -6190,7 +6289,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.2.0 and older + - DSP 1.0.x + - DSP 1.1.x + - DSP 1.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6210,7 +6311,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) + product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) cves: cve-2021-4104: investigated: false @@ -6220,7 +6321,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.0.0 and older + - '4.11' + - 4.10.x (Cloud only) + - 4.9.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6240,7 +6343,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) + product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) cves: cve-2021-4104: investigated: false @@ -6250,7 +6353,13 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.0.0 and older + - 4.11.0 + - 4.10.x (Cloud only) + - 4.9.x + - 4.8.x (Cloud only) + - 4.7.x + - 4.6.x + - 4.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6270,7 +6379,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Data Stream Processor + product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) cves: cve-2021-4104: investigated: false @@ -6280,9 +6389,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - DSP 1.0.x - - DSP 1.1.x - - DSP 1.2.x + - 5.2.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6302,7 +6409,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) + product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) cves: cve-2021-4104: investigated: false @@ -6312,9 +6419,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '4.11' - - 4.10.x (Cloud only) - - 4.9.x + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6334,7 +6439,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) + product: Splunk Application Performance Monitoring cves: cve-2021-4104: investigated: false @@ -6344,13 +6449,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 4.11.0 - - 4.10.x (Cloud only) - - 4.9.x - - 4.8.x (Cloud only) - - 4.7.x - - 4.6.x - - 4.5.x + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6492,7 +6591,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Logging Library for Java + product: Splunk Infrastructure Monitoring cves: cve-2021-4104: investigated: false @@ -6502,7 +6601,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 1.11.0 and older + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6522,7 +6621,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) + product: Splunk Log Observer cves: cve-2021-4104: investigated: false @@ -6532,7 +6631,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 4.0.3 and older + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6552,7 +6651,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) + product: Splunk Logging Library for Java cves: cve-2021-4104: investigated: false @@ -6562,7 +6661,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 4.2.1 and older + - 1.11.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6582,7 +6681,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) + product: Splunk On-call / VictorOps cves: cve-2021-4104: investigated: false @@ -6592,7 +6691,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 1.1.1 and older + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6612,7 +6711,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk On-call / VictorOps + product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) cves: cve-2021-4104: investigated: false @@ -6622,7 +6721,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 4.0.3 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6642,7 +6741,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Real User Monitoring + product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) cves: cve-2021-4104: investigated: false @@ -6652,7 +6751,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 4.2.1 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6672,7 +6771,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Application Performance Monitoring + product: Splunk Real User Monitoring cves: cve-2021-4104: investigated: false @@ -6702,7 +6801,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Infrastructure Monitoring + product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) cves: cve-2021-4104: investigated: false @@ -6712,7 +6811,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6732,7 +6831,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Log Observer + product: Splunk Synthetics cves: cve-2021-4104: investigated: false @@ -6762,7 +6861,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Synthetics + product: Splunk UBA OVA Software cves: cve-2021-4104: investigated: false @@ -6772,7 +6871,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 5.0.3a + - 5.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6792,7 +6892,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk UBA OVA Software + product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) cves: cve-2021-4104: investigated: false @@ -6802,8 +6902,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.0.3a - - 5.0.0 + - 1.1.1 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6850,7 +6949,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spring product: Spring Boot cves: @@ -6880,7 +6979,7 @@ software: switched the default logging system to Log4J2 references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spring Boot product: '' cves: @@ -6909,7 +7008,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StarDog product: '' cves: @@ -6938,7 +7037,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: STERIS product: Advantage cves: @@ -6998,7 +7097,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: DSD Edge + product: AMSCO 2000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7027,7 +7126,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: EndoDry + product: AMSCO 3000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7056,7 +7155,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RapidAER + product: AMSCO 400 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7085,7 +7184,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Endora + product: AMSCO 400 SMALL STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -7114,7 +7213,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Canexis 1.0 + product: AMSCO 5000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7143,7 +7242,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ConnectoHIS + product: AMSCO 600 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7172,7 +7271,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ScopeBuddy+ + product: AMSCO 7000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7201,7 +7300,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: DSD-201, + product: AMSCO CENTURY MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7230,7 +7329,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CER Optima + product: AMSCO CENTURY SMALL STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7259,7 +7358,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Renatron + product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -7288,7 +7387,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ConnectAssure Technology + product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7317,7 +7416,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: SPM Surgical Asset Tracking Software + product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7346,7 +7445,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CS-iQ Sterile Processing Workflow + product: Canexis 1.0 cves: cve-2021-4104: investigated: false @@ -7375,7 +7474,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 2000 SERIES WASHER DISINFECTORS + product: CELERITY HP INCUBATOR cves: cve-2021-4104: investigated: false @@ -7404,7 +7503,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 3000 SERIES WASHER DISINFECTORS + product: CELERITY STEAM INCUBATOR cves: cve-2021-4104: investigated: false @@ -7433,7 +7532,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 5000 SERIES WASHER DISINFECTORS + product: CER Optima cves: cve-2021-4104: investigated: false @@ -7462,7 +7561,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 7000 SERIES WASHER DISINFECTORS + product: Clarity Software cves: cve-2021-4104: investigated: false @@ -7491,7 +7590,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE 444 WASHER DISINFECTOR + product: Connect Software cves: cve-2021-4104: investigated: false @@ -7520,7 +7619,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE SYNERGY WASHER DISINFECTOR + product: ConnectAssure Technology cves: cve-2021-4104: investigated: false @@ -7549,7 +7648,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS + product: ConnectoHIS cves: cve-2021-4104: investigated: false @@ -7578,7 +7677,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR + product: CS-iQ Sterile Processing Workflow cves: cve-2021-4104: investigated: false @@ -7607,7 +7706,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR + product: DSD Edge cves: cve-2021-4104: investigated: false @@ -7636,7 +7735,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 400 MEDIUM STEAM STERILIZER + product: DSD-201, cves: cve-2021-4104: investigated: false @@ -7665,7 +7764,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 400 SMALL STEAM STERILIZERS + product: EndoDry cves: cve-2021-4104: investigated: false @@ -7694,7 +7793,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 600 MEDIUM STEAM STERILIZER + product: Endora cves: cve-2021-4104: investigated: false @@ -7723,7 +7822,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO CENTURY MEDIUM STEAM STERILIZER + product: Harmony iQ Integration Systems cves: cve-2021-4104: investigated: false @@ -7752,7 +7851,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO CENTURY SMALL STEAM STERILIZER + product: Harmony iQ Perspectives Image Management System cves: cve-2021-4104: investigated: false @@ -7781,7 +7880,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS + product: HexaVue cves: cve-2021-4104: investigated: false @@ -7810,7 +7909,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER + product: HexaVue Integration System cves: cve-2021-4104: investigated: false @@ -7839,7 +7938,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER + product: IDSS Integration System cves: cve-2021-4104: investigated: false @@ -7868,7 +7967,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CELERITY HP INCUBATOR + product: RapidAER cves: cve-2021-4104: investigated: false @@ -7897,7 +7996,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CELERITY STEAM INCUBATOR + product: ReadyTracker cves: cve-2021-4104: investigated: false @@ -7926,7 +8025,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS + product: RealView Visual Workflow Management System cves: cve-2021-4104: investigated: false @@ -7955,7 +8054,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM + product: RELIANCE 444 WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -7984,7 +8083,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE SYNERGY WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -8013,7 +8112,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -8042,7 +8141,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -8071,7 +8170,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -8100,7 +8199,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM + product: Renatron cves: cve-2021-4104: investigated: false @@ -8129,7 +8228,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: SecureCare ProConnect Technical Support Services + product: ScopeBuddy+ cves: cve-2021-4104: investigated: false @@ -8158,7 +8257,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: HexaVue Integration System + product: SecureCare ProConnect Technical Support Services cves: cve-2021-4104: investigated: false @@ -8187,7 +8286,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: IDSS Integration System + product: Situational Awareness for Everyone Display (S.A.F.E.) cves: cve-2021-4104: investigated: false @@ -8216,7 +8315,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Harmony iQ Integration Systems + product: SPM Surgical Asset Tracking Software cves: cve-2021-4104: investigated: false @@ -8245,7 +8344,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: HexaVue + product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM cves: cve-2021-4104: investigated: false @@ -8274,7 +8373,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Connect Software + product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8303,7 +8402,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Harmony iQ Perspectives Image Management System + product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8332,7 +8431,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Clarity Software + product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8361,7 +8460,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Situational Awareness for Everyone Display (S.A.F.E.) + product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8390,7 +8489,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RealView Visual Workflow Management System + product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8419,7 +8518,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ReadyTracker + product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS cves: cve-2021-4104: investigated: false @@ -8475,7 +8574,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Storagement product: '' cves: @@ -8504,7 +8603,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StormShield product: '' cves: @@ -8533,7 +8632,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StrangeBee TheHive & Cortex product: '' cves: @@ -8562,7 +8661,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Stratodesk product: '' cves: @@ -8591,7 +8690,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Strimzi product: '' cves: @@ -8620,7 +8719,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Stripe product: '' cves: @@ -8649,7 +8748,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Styra product: '' cves: @@ -8678,7 +8777,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sumologic product: '' cves: @@ -8707,7 +8806,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SumoLogic product: '' cves: @@ -8736,7 +8835,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Superna EYEGLASS product: '' cves: @@ -8765,7 +8864,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Suprema Inc product: '' cves: @@ -8794,7 +8893,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SUSE product: '' cves: @@ -8823,7 +8922,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sweepwidget product: '' cves: @@ -8852,7 +8951,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Swyx product: '' cves: @@ -8881,7 +8980,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synchro MSP product: '' cves: @@ -8910,7 +9009,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Syncplify product: '' cves: @@ -8939,7 +9038,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synology product: '' cves: @@ -8968,7 +9067,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synopsys product: '' cves: @@ -8997,7 +9096,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Syntevo product: '' cves: @@ -9026,7 +9125,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SysAid product: '' cves: @@ -9055,7 +9154,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sysdig product: '' cves: @@ -9084,5 +9183,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_T.yml b/data/cisagov_T.yml index 188d8dc..4b0134c 100644 --- a/data/cisagov_T.yml +++ b/data/cisagov_T.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: Tableau - product: Tableau Server + product: Tableau Bridge cves: cve-2021-4104: investigated: false @@ -15,19 +15,19 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'The following versions and lower: 2021.4' - - 2021.3.4 - - 2021.2.5 - - 2021.1.8 - - 2020.4.11 - - 2020.3.14 - - 2020.2.19 - - 2020.1.22 - - 2019.4.25 - - 2019.3.26 - - 2019.2.29 - - 2019.1.29 - - 2018.3.29 + - 'The following versions and lower: 20214.21.1109.1748' + - 20213.21.1112.1434 + - 20212.21.0818.1843 + - 20211.21.0617.1133 + - 20204.21.0217.1203 + - 20203.20.0913.2112 + - 20202.20.0721.1350 + - 20201.20.0614.2321 + - 20194.20.0614.2307 + - 20193.20.0614.2306 + - 20192.19.0917.1648 + - 20191.19.0402.1911 + - 20183.19.0115.1143 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -191,7 +191,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Tableau - product: Tableau Bridge + product: Tableau Server cves: cve-2021-4104: investigated: false @@ -201,19 +201,19 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'The following versions and lower: 20214.21.1109.1748' - - 20213.21.1112.1434 - - 20212.21.0818.1843 - - 20211.21.0617.1133 - - 20204.21.0217.1203 - - 20203.20.0913.2112 - - 20202.20.0721.1350 - - 20201.20.0614.2321 - - 20194.20.0614.2307 - - 20193.20.0614.2306 - - 20192.19.0917.1648 - - 20191.19.0402.1911 - - 20183.19.0115.1143 + - 'The following versions and lower: 2021.4' + - 2021.3.4 + - 2021.2.5 + - 2021.1.8 + - 2020.4.11 + - 2020.3.14 + - 2020.2.19 + - 2020.1.22 + - 2019.4.25 + - 2019.3.26 + - 2019.2.29 + - 2019.1.29 + - 2018.3.29 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -260,7 +260,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tanium product: All cves: @@ -319,7 +319,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TeamPasswordManager product: '' cves: @@ -348,7 +348,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Teamviewer product: '' cves: @@ -377,7 +377,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tech Software product: OneAegis (f/k/a IRBManager) cves: @@ -496,7 +496,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Telestream product: '' cves: @@ -525,7 +525,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tenable product: Tenable.io / Nessus cves: @@ -555,9 +555,9 @@ software: to CVE-2021-44228 or CVE-2021-45046 at this time references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Thales - product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core + product: CADP/SafeNet Protect App (PA) - JCE cves: cve-2021-4104: investigated: false @@ -586,7 +586,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Embedded + product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core cves: cve-2021-4104: investigated: false @@ -615,7 +615,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Database Protection + product: CipherTrust Batch Data Transformation (BDT) 2.3 cves: cve-2021-4104: investigated: false @@ -644,7 +644,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Manager + product: CipherTrust Cloud Key Manager (CCKM) Appliance cves: cve-2021-4104: investigated: false @@ -673,7 +673,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) + product: CipherTrust Cloud Key Manager (CCKM) Embedded cves: cve-2021-4104: investigated: false @@ -702,7 +702,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Vaultless Tokenization (CTS, CT-VL) + product: CipherTrust Database Protection cves: cve-2021-4104: investigated: false @@ -731,7 +731,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Data Protection on Demand + product: CipherTrust Manager cves: cve-2021-4104: investigated: false @@ -760,7 +760,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Data Security Manager (DSM) + product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) cves: cve-2021-4104: investigated: false @@ -789,7 +789,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: KeySecure + product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager cves: cve-2021-4104: investigated: false @@ -818,7 +818,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Luna EFT + product: CipherTrust Vaultless Tokenization (CTS, CT-VL) cves: cve-2021-4104: investigated: false @@ -847,7 +847,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Luna Network, PCIe, Luna USB HSM and backup devices + product: CipherTrust/SafeNet PDBCTL cves: cve-2021-4104: investigated: false @@ -876,7 +876,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Luna SP + product: Crypto Command Center (CCC) cves: cve-2021-4104: investigated: false @@ -905,7 +905,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: ProtectServer HSMs + product: Data Protection on Demand cves: cve-2021-4104: investigated: false @@ -934,7 +934,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Authentication Client + product: Data Security Manager (DSM) cves: cve-2021-4104: investigated: false @@ -963,7 +963,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet IDPrime Virtual + product: KeySecure cves: cve-2021-4104: investigated: false @@ -992,7 +992,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet eToken (all products) + product: Luna EFT cves: cve-2021-4104: investigated: false @@ -1021,7 +1021,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet IDPrime(all products) + product: Luna Network, PCIe, Luna USB HSM and backup devices cves: cve-2021-4104: investigated: false @@ -1050,7 +1050,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet LUKS + product: Luna SP cves: cve-2021-4104: investigated: false @@ -1079,7 +1079,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core + product: payShield Monitor cves: cve-2021-4104: investigated: false @@ -1108,7 +1108,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet ProtectDB (PDB) + product: ProtectServer HSMs cves: cve-2021-4104: investigated: false @@ -1137,7 +1137,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet ProtectV + product: SafeNet Authentication Client cves: cve-2021-4104: investigated: false @@ -1166,7 +1166,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Safenet ProtectFile and ProtectFile- Fuse + product: SafeNet eToken (all products) cves: cve-2021-4104: investigated: false @@ -1195,7 +1195,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Transform Utility (TU) + product: SafeNet IDPrime Virtual cves: cve-2021-4104: investigated: false @@ -1224,7 +1224,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Trusted Access (STA) + product: SafeNet IDPrime(all products) cves: cve-2021-4104: investigated: false @@ -1253,7 +1253,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet PKCS#11 and TDE + product: SafeNet LUKS cves: cve-2021-4104: investigated: false @@ -1282,7 +1282,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet SQL EKM + product: SafeNet PKCS#11 and TDE cves: cve-2021-4104: investigated: false @@ -1311,7 +1311,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SAS on Prem (SPE/PCE) + product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core cves: cve-2021-4104: investigated: false @@ -1340,7 +1340,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel EMS Enterprise OnPremise + product: SafeNet ProtectDB (PDB) cves: cve-2021-4104: investigated: false @@ -1369,7 +1369,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel ESDaaS + product: Safenet ProtectFile and ProtectFile- Fuse cves: cve-2021-4104: investigated: false @@ -1398,7 +1398,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Up + product: SafeNet ProtectV cves: cve-2021-4104: investigated: false @@ -1427,7 +1427,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel RMS + product: SafeNet SQL EKM cves: cve-2021-4104: investigated: false @@ -1456,7 +1456,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Connect + product: SafeNet Transform Utility (TU) cves: cve-2021-4104: investigated: false @@ -1485,7 +1485,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Superdog, SuperPro, UltraPro, SHK + product: SafeNet Trusted Access (STA) cves: cve-2021-4104: investigated: false @@ -1514,7 +1514,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel HASP, Legacy dog, Maze, Hardlock + product: SafeNet Vaultless Tokenization cves: cve-2021-4104: investigated: false @@ -1543,7 +1543,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Envelope + product: SAS on Prem (SPE/PCE) cves: cve-2021-4104: investigated: false @@ -1572,7 +1572,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales payShield 9000 + product: Sentinel Connect cves: cve-2021-4104: investigated: false @@ -1601,7 +1601,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales payShield 10k + product: Sentinel EMS Enterprise aaS cves: cve-2021-4104: investigated: false @@ -1630,7 +1630,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales payShield Manager + product: Sentinel EMS Enterprise OnPremise cves: cve-2021-4104: investigated: false @@ -1659,7 +1659,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetirc Key Manager (VKM) + product: Sentinel Envelope cves: cve-2021-4104: investigated: false @@ -1688,7 +1688,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetric Application Encryption (VAE) + product: Sentinel ESDaaS cves: cve-2021-4104: investigated: false @@ -1717,7 +1717,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetric Protection for Terradata Database (VPTD) + product: Sentinel HASP, Legacy dog, Maze, Hardlock cves: cve-2021-4104: investigated: false @@ -1746,7 +1746,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetric Tokenization Server (VTS) + product: Sentinel LDK EMS (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -1775,7 +1775,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: payShield Monitor + product: Sentinel LDKaas (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -1804,7 +1804,8 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CADP/SafeNet Protect App (PA) - JCE + product: Sentinel Professional Services components (both Thales hosted & hosted + on-premises by customers) cves: cve-2021-4104: investigated: false @@ -1833,7 +1834,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Batch Data Transformation (BDT) 2.3 + product: Sentinel RMS cves: cve-2021-4104: investigated: false @@ -1862,7 +1863,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Appliance + product: Sentinel SCL cves: cve-2021-4104: investigated: false @@ -1891,7 +1892,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager + product: Sentinel Superdog, SuperPro, UltraPro, SHK cves: cve-2021-4104: investigated: false @@ -1920,7 +1921,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust/SafeNet PDBCTL + product: Sentinel Up cves: cve-2021-4104: investigated: false @@ -1949,7 +1950,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Crypto Command Center (CCC) + product: Thales Data Platform (TDP)(DDC) cves: cve-2021-4104: investigated: false @@ -1978,7 +1979,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Vaultless Tokenization + product: Thales payShield 10k cves: cve-2021-4104: investigated: false @@ -2007,7 +2008,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel LDK EMS (LDK-EMS) + product: Thales payShield 9000 cves: cve-2021-4104: investigated: false @@ -2036,7 +2037,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel LDKaas (LDK-EMS) + product: Thales payShield Manager cves: cve-2021-4104: investigated: false @@ -2065,7 +2066,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel EMS Enterprise aaS + product: Vormetirc Key Manager (VKM) cves: cve-2021-4104: investigated: false @@ -2094,8 +2095,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Professional Services components (both Thales hosted & hosted - on-premises by customers) + product: Vormetric Application Encryption (VAE) cves: cve-2021-4104: investigated: false @@ -2124,7 +2124,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel SCL + product: Vormetric Protection for Terradata Database (VPTD) cves: cve-2021-4104: investigated: false @@ -2153,7 +2153,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales Data Platform (TDP)(DDC) + product: Vormetric Tokenization Server (VTS) cves: cve-2021-4104: investigated: false @@ -2181,8 +2181,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + - vendor: Thermo Fisher Scientific + product: '' cves: cve-2021-4104: investigated: false @@ -2190,11 +2190,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 2022a + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2206,8 +2205,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, Install the 2022a patch when available + - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' @@ -2224,7 +2223,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2021b + - 2022a cve-2021-45046: investigated: false affected_versions: [] @@ -2237,7 +2236,7 @@ software: unaffected_versions: [] vendor_links: - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + notes: Use the program as normal, Install the 2022a patch when available references: - '' last_updated: '2021-12-22T00:00:00' @@ -2254,7 +2253,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2018b to 2021a + - 2021b cve-2021-45046: investigated: false affected_versions: [] @@ -2267,8 +2266,7 @@ software: unaffected_versions: [] vendor_links: - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, delete the Log4j 2 files in the program installation - if required, see advisory for instructions. + notes: Use the program as normal references: - '' last_updated: '2021-12-22T00:00:00' @@ -2285,7 +2283,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2018a and earlier + - 2018b to 2021a cve-2021-45046: investigated: false affected_versions: [] @@ -2298,12 +2296,13 @@ software: unaffected_versions: [] vendor_links: - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + notes: Use the program as normal, delete the Log4j 2 files in the program installation + if required, see advisory for instructions. references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Thermo Fisher Scientific - product: '' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -2311,10 +2310,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2018a and earlier cve-2021-45046: investigated: false affected_versions: [] @@ -2326,8 +2326,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal references: - '' last_updated: '2021-12-22T00:00:00' @@ -2391,9 +2391,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ThycoticCentrify - product: Secret Server + product: Account Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -2423,7 +2423,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Privilege Manager + product: Cloud Suite cves: cve-2021-4104: investigated: false @@ -2453,7 +2453,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Account Lifecycle Manager + product: Connection Manager cves: cve-2021-4104: investigated: false @@ -2483,7 +2483,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Privileged Behavior Analytics + product: DevOps Secrets Vault cves: cve-2021-4104: investigated: false @@ -2513,7 +2513,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: DevOps Secrets Vault + product: Password Reset Server cves: cve-2021-4104: investigated: false @@ -2543,7 +2543,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Connection Manager + product: Privilege Manager cves: cve-2021-4104: investigated: false @@ -2573,7 +2573,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Password Reset Server + product: Privileged Behavior Analytics cves: cve-2021-4104: investigated: false @@ -2603,7 +2603,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Cloud Suite + product: Secret Server cves: cve-2021-4104: investigated: false @@ -2690,7 +2690,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Top Gun Technology (TGT) product: '' cves: @@ -2719,7 +2719,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TopDesk product: '' cves: @@ -2748,7 +2748,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Topicus Security product: Topicus KeyHub cves: @@ -2807,7 +2807,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tosibox product: '' cves: @@ -2836,7 +2836,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TPLink product: Omega Controller cves: @@ -2897,7 +2897,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tricentis Tosca product: '' cves: @@ -2926,21 +2926,51 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Tripp Lite - product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, - SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tridium + product: '' cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf + notes: Document access requires authentication. CISA is not able to validate vulnerability + status. + references: + - '' + last_updated: '2022-01-19T00:00:00' + - vendor: Trimble + product: eCognition + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 10.2.0 Build 4618 + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2951,15 +2981,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: '' + vendor_links: [] + notes: Remediation steps provided by Trimble references: - '' - last_updated: '2022-01-04T00:00:00' + last_updated: '2021-12-23T00:00:00' - vendor: Tripp Lite - product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or - embedded SNMPWEBCARD + product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, + SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) cves: cve-2021-4104: investigated: false @@ -3018,7 +3047,7 @@ software: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: PowerAlert Network Shutdown Agent (PANSA) + product: PowerAlert Network Management System (PANMS) cves: cve-2021-4104: investigated: false @@ -3042,13 +3071,13 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. references: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: PowerAlert Network Management System (PANMS) + product: PowerAlert Network Shutdown Agent (PANSA) cves: cve-2021-4104: investigated: false @@ -3072,13 +3101,13 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. references: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: TLNETCARD and associated software + product: PowerAlertElement Manager (PAEM) cves: cve-2021-4104: investigated: false @@ -3086,8 +3115,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3102,12 +3132,14 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: '' + notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which + will contain a patched version of Log4j2 references: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: PowerAlertElement Manager (PAEM) + product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or + embedded SNMPWEBCARD cves: cve-2021-4104: investigated: false @@ -3115,9 +3147,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 1.0.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3132,13 +3163,12 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which - will contain a patched version of Log4j2 + notes: '' references: - '' last_updated: '2022-01-04T00:00:00' - - vendor: Tripwire - product: '' + - vendor: Tripp Lite + product: TLNETCARD and associated software cves: cve-2021-4104: investigated: false @@ -3161,13 +3191,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tripwire.com/log4j + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Trimble - product: eCognition + last_updated: '2022-01-04T00:00:00' + - vendor: Tripwire + product: '' cves: cve-2021-4104: investigated: false @@ -3175,9 +3205,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 10.2.0 Build 4618 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3190,11 +3219,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: Remediation steps provided by Trimble + vendor_links: + - https://www.tripwire.com/log4j + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TrueNAS product: '' cves: @@ -3223,7 +3253,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tufin product: '' cves: @@ -3252,7 +3282,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TYPO3 product: '' cves: @@ -3281,5 +3311,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_U.yml b/data/cisagov_U.yml index 7240ee1..5a679fc 100644 --- a/data/cisagov_U.yml +++ b/data/cisagov_U.yml @@ -33,7 +33,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ubiquiti product: UniFi Network Controller cves: @@ -93,9 +93,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Umbraco - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: UiPath + product: InSights cves: cve-2021-4104: investigated: false @@ -103,8 +103,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '20.10' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -118,12 +119,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ + - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: UniFlow + last_updated: '2021-12-15T00:00:00' + - vendor: Umbraco product: '' cves: cve-2021-4104: @@ -147,12 +148,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uniflow.global/en/security/security-and-maintenance/ + - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Unify ATOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: UniFlow product: '' cves: cve-2021-4104: @@ -176,12 +177,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf + - https://www.uniflow.global/en/security/security-and-maintenance/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Unimus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Unify ATOS product: '' cves: cve-2021-4104: @@ -205,13 +206,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top + - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: UiPath - product: InSights + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Unimus + product: '' cves: cve-2021-4104: investigated: false @@ -219,9 +220,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '20.10' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -235,11 +235,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 + - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: USSIGNAL MSP product: '' cves: @@ -268,5 +268,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_V.yml b/data/cisagov_V.yml index 5a6257a..c3555b7 100644 --- a/data/cisagov_V.yml +++ b/data/cisagov_V.yml @@ -4,35 +4,6 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: - - vendor: VArmour - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:56+00:00' - vendor: Varian product: Acuity cves: @@ -64,7 +35,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: DITC + product: ARIA Connect (Cloverleaf) cves: cve-2021-4104: investigated: false @@ -72,11 +43,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -94,7 +65,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA Connect (Cloverleaf) + product: ARIA eDOC cves: cve-2021-4104: investigated: false @@ -154,7 +125,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: XMediusFax for ARIA oncology information system for Medical Oncology + product: ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -162,11 +133,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -184,7 +155,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA oncology information system for Radiation Oncology + product: ARIA Radiation Therapy Management System (RTM) cves: cve-2021-4104: investigated: false @@ -214,7 +185,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA eDOC + product: Bravos Console cves: cve-2021-4104: investigated: false @@ -244,7 +215,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: XMediusFax for ARIA oncology information system for Radiation Oncology + product: Clinac cves: cve-2021-4104: investigated: false @@ -274,37 +245,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA Radiation Therapy Management System (RTM) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Bravos Console + product: Cloud Planner cves: cve-2021-4104: investigated: false @@ -334,7 +275,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Clinac + product: DITC cves: cve-2021-4104: investigated: false @@ -364,7 +305,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Cloud Planner + product: DoseLab cves: cve-2021-4104: investigated: false @@ -394,7 +335,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: DoseLab + product: Eclipse treatment planning software cves: cve-2021-4104: investigated: false @@ -424,7 +365,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Eclipse treatment planning software + product: ePeerReview cves: cve-2021-4104: investigated: false @@ -432,11 +373,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -454,7 +395,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ePeerReview + product: Ethos cves: cve-2021-4104: investigated: false @@ -462,11 +403,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -484,7 +425,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Ethos + product: FullScale oncology IT solutions cves: cve-2021-4104: investigated: false @@ -492,11 +433,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -514,7 +455,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: FullScale oncology IT solutions + product: Halcyon system cves: cve-2021-4104: investigated: false @@ -544,7 +485,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Halcyon system + product: ICAP cves: cve-2021-4104: investigated: false @@ -552,11 +493,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -694,7 +635,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ICAP + product: Mobius3D platform cves: cve-2021-4104: investigated: false @@ -724,7 +665,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Mobius3D platform + product: PaaS cves: cve-2021-4104: investigated: false @@ -934,7 +875,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: PaaS + product: TrueBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -964,7 +905,37 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: TrueBeam radiotherapy system + product: UNIQUE system + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Varian Authentication and Identity Server (VAIS) cves: cve-2021-4104: investigated: false @@ -994,7 +965,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: UNIQUE system + product: Varian Managed Services Cloud cves: cve-2021-4104: investigated: false @@ -1024,7 +995,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Varian Authentication and Identity Server (VAIS) + product: Varian Mobile App cves: cve-2021-4104: investigated: false @@ -1036,7 +1007,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '2.0' + - '2.5' cve-2021-45046: investigated: false affected_versions: [] @@ -1054,7 +1026,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Varian Managed Services Cloud + product: VariSeed cves: cve-2021-4104: investigated: false @@ -1062,11 +1034,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1084,7 +1056,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Varian Mobile App + product: Velocity cves: cve-2021-4104: investigated: false @@ -1096,8 +1068,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '2.0' - - '2.5' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1115,7 +1086,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: VariSeed + product: VitalBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -1145,7 +1116,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Velocity + product: Vitesse cves: cve-2021-4104: investigated: false @@ -1175,7 +1146,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: VitalBeam radiotherapy system + product: XMediusFax for ARIA oncology information system for Medical Oncology cves: cve-2021-4104: investigated: false @@ -1183,11 +1154,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1205,7 +1176,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Vitesse + product: XMediusFax for ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -1213,11 +1184,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1234,6 +1205,35 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: VArmour + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Varnish Software product: '' cves: @@ -1262,7 +1262,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Varonis product: '' cves: @@ -1291,7 +1291,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Veeam product: '' cves: @@ -1320,7 +1320,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Venafi product: '' cves: @@ -1349,7 +1349,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Veritas NetBackup product: '' cves: @@ -1378,7 +1378,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Vertica product: '' cves: @@ -1408,6 +1408,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:56+00:00' + - vendor: Video Insight Inc. + product: Video Insight + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability + notes: Video Insight is a part of Panasonic I-Pro. + references: + - '' + last_updated: '2022-01-19T00:00:00' - vendor: Viso Trust product: '' cves: @@ -1436,7 +1466,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: VMware product: API Portal for VMware Tanzu cves: @@ -1648,6 +1678,71 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: vCenter Server - OVA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 7.x + - 6.7.x + - 6.5.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 + )' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: VMware + product: vCenter Server - Windows + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 6.7.x + - 6.5.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 + )' + references: + - '' + last_updated: '2021-12-17T00:00:00' - vendor: VMware product: VMware Carbon Black Cloud Workload Appliance cves: @@ -2261,71 +2356,6 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: vCenter Server - OVA - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 7.x - - 6.7.x - - 6.5.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 - )' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: vCenter Server - Windows - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 6.7.x - - 6.5.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 - )' - references: - - '' - last_updated: '2021-12-17T00:00:00' - vendor: VMware product: VMware vRealize Automation cves: @@ -2584,7 +2614,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index f8b1dae..74a2c36 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -14,9 +14,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 4.2.x < 4.8.1.3 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -35,7 +35,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Wallarm - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -62,9 +62,39 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wallix + product: Access Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.wallix.com/fr/support/alerts/ + notes: Customer Portal for patch found in advisory. This patch is available to + customer only and has not been reviewed by CISA. + references: + - '' - vendor: Wasp Barcode technologies - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -91,9 +121,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: WatchGuard - product: Secplicity + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Watcher + product: All cves: cve-2021-4104: investigated: false @@ -101,10 +131,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -116,13 +147,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ + - https://twitter.com/felix_hrn/status/1470387338001977344 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Western Digital - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: AuthPoint cves: cve-2021-4104: investigated: false @@ -130,9 +161,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -145,13 +177,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: WIBU Systems - product: CodeMeter Keyring for TIA Portal + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Dimension cves: cve-2021-4104: investigated: false @@ -160,10 +192,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.30 and prior + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -175,13 +207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf - notes: Only the Password Manager is affected + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: WIBU Systems - product: CodeMeter Cloud Lite + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: EDPR and Panda AD360 cves: cve-2021-4104: investigated: false @@ -190,10 +222,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.2 and prior + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -205,13 +237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: WindRiver - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Firebox cves: cve-2021-4104: investigated: false @@ -219,10 +251,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -234,13 +267,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: WireShark - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: System Manager, Dimension, and Panda AD360 cves: cve-2021-4104: investigated: false @@ -248,10 +281,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -263,13 +297,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/wireshark/wireshark/-/issues/17783 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Wistia - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Threat Detection and Response cves: cve-2021-4104: investigated: false @@ -277,9 +311,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -292,13 +327,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.wistia.com/incidents/jtg0dfl5l224 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: WitFoo - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Wi-Fi Cloud cves: cve-2021-4104: investigated: false @@ -306,9 +341,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -321,12 +357,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: WordPress + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Western Digital product: '' cves: cve-2021-4104: @@ -350,13 +386,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/ + - https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Worksphere - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WIBU Systems + product: CodeMeter Cloud Lite cves: cve-2021-4104: investigated: false @@ -364,9 +400,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.2 and prior unaffected_versions: [] cve-2021-45046: investigated: false @@ -379,13 +416,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228 + - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Wowza - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: WIBU Systems + product: CodeMeter Keyring for TIA Portal cves: cve-2021-4104: investigated: false @@ -393,9 +430,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.30 and prior unaffected_versions: [] cve-2021-45046: investigated: false @@ -408,24 +446,993 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve + - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf + notes: Only the Password Manager is affected + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: WildFly + product: All + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - < 22 + - '> 26.0.0.Final' + - '>= 22' + - <= 26.0.0.Beta1 + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: WSO2 - product: WSO2 Enterprise Integrator + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS17 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS18 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS19 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS21 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wind River + product: WRL-6 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-7 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true - affected_versions: - - 6.1.0 and above + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-8 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-9 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: WireShark + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.wireshark.org/news/20211215.html + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Wistia + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.wistia.com/incidents/jtg0dfl5l224 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WitFoo + product: Precinct + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: + - 6.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ + notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See + advisory. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WordPress + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Worksphere + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wowza + product: Streaming Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.7.8 + - 4.8.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WSO2 + product: API Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 3.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: API Manager Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.1.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server as Key Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 3.2.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.1.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Monitoring Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking AM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking BI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.3.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking KM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator Tooling + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Processor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -439,8 +1446,8 @@ software: unaffected_versions: [] vendor_links: - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-26T07:18:50+00:00' ... diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index 1235c42..2c6eb17 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -5,6 +5,36 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: XCP-ng + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: XenForo product: '' cves: cve-2021-4104: @@ -28,13 +58,3133 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact + - https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: AltaLink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: CareAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8700 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8870 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8880 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 9201 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 9301 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: DocuCentre SC2020 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ElemX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Express to Print + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Makeready + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Output Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Print Manager - APP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Variable Information Suite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Nuvera EA Perfecting Production Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Nuvera EA Production Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3300 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3320 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3330 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3435 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3600 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3610 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3635 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4510 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4622 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6020 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6022 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6280 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6510 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6600 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6700 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 7800 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 8860 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: PrimeLink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Versalink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 33xx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 3615 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4260 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4265 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5135 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5150 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5225 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 53XX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5645 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5655 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5740 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5745 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5755 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5765 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 58XX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5945 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5955 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6025 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6515 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6605 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6655 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7425 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7435 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7525 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7535 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7556 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7830 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7835 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7855 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7970i + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre ECXX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Account Payable Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox App Gallery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B1022/25 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B225 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B235 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B310 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Baltoro HF Inkjet Press + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Branded ConnectKey Applications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C235 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C310 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Campaigns on Demand + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Color EC70 Printer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D110 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D125 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D95A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Digital Mailroom Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ECXX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED125 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED95A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox iGen 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Instant Print Kiosk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Intelligent Workplace Services (All Including XDM, XDA, CWW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Iridesse Production Press + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox J75 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Print and Scan Experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Team Availability Application + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 180 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 280 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 3100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 4100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: XenForo - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workflow Central Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Kiosk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Suite cves: cve-2021-4104: investigated: false @@ -42,10 +3192,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workspace Cloud + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -57,13 +3238,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: '' + product: XMPie Data-Driven Print and VDP cves: cve-2021-4104: investigated: false @@ -71,10 +3252,71 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Omnichannel Communications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Web to Print + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86,13 +3328,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPertDoc - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -119,9 +3361,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPLG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -148,9 +3390,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XWIKI - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -177,7 +3419,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xylem product: Aquatalk cves: @@ -187,9 +3429,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -216,9 +3459,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -237,7 +3481,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Analytics + product: Configuration change complete cves: cve-2021-4104: investigated: false @@ -245,9 +3489,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -266,7 +3511,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Automation Control Configuration change complete + product: Sensus Analytics cves: cve-2021-4104: investigated: false @@ -274,9 +3519,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -295,7 +3541,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Cathodic Protection Mitigation in process Mitigation in process + product: Sensus Automation Control Configuration change complete cves: cve-2021-4104: investigated: false @@ -303,9 +3549,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -324,7 +3571,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus FieldLogic LogServer + product: Sensus Cathodic Protection Mitigation in process Mitigation in process cves: cve-2021-4104: investigated: false @@ -332,8 +3579,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -353,7 +3601,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Lighting Control + product: Sensus FieldLogic LogServer cves: cve-2021-4104: investigated: false @@ -361,8 +3609,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -382,7 +3631,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus NetMetrics Configuration change complete + product: Sensus Lighting Control cves: cve-2021-4104: investigated: false @@ -390,9 +3639,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -411,7 +3661,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus RNI Saas + product: Sensus NetMetrics Configuration change complete cves: cve-2021-4104: investigated: false @@ -420,11 +3670,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.7 through 4.10 - - 4.4 through 4.6 - - '4.2' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -475,7 +3723,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus SCS + product: Sensus RNI Saas cves: cve-2021-4104: investigated: false @@ -483,9 +3731,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.7 through 4.10 + - 4.4 through 4.6 + - '4.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -504,7 +3755,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Smart Irrigation + product: Sensus SCS cves: cve-2021-4104: investigated: false @@ -512,9 +3763,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -533,7 +3785,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Water Loss Management (Visenti) + product: Smart Irrigation cves: cve-2021-4104: investigated: false @@ -541,8 +3793,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -562,7 +3815,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Configuration change complete + product: Water Loss Management (Visenti) cves: cve-2021-4104: investigated: false @@ -570,9 +3823,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -599,9 +3853,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -628,9 +3883,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false diff --git a/data/cisagov_Y.yml b/data/cisagov_Y.yml index 982c73c..006fd08 100644 --- a/data/cisagov_Y.yml +++ b/data/cisagov_Y.yml @@ -4,6 +4,40 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: Yahoo + product: Vespa + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://blog.vespa.ai/log4j-vulnerability/ + notes: Your Vespa application may still be affected if log4j is included in your + application package. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Yellowbrick product: '' cves: @@ -32,9 +66,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: YellowFin - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -42,10 +76,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 8.0.10.3, 9.7.0.2 + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + notes: v7 and v6 releases are not affected unless you have manually upgraded to + Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Yenlo + product: Connext + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -57,13 +123,134 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + - https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/ + notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components + are not vulnerable. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: YOKOGAWA + product: CENTUM VP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CENTUM VP (other components) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is + still under investigation. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CI Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2021-12-22T00:00:00' - vendor: YOKOGAWA - product: '' + product: Exaopc + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaplog cves: cve-2021-4104: investigated: false @@ -71,10 +258,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaquantum + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -91,8 +309,8 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: YSoft SAFEQ - product: '' + - vendor: YOKOGAWA + product: FAST/TOOLS cves: cve-2021-4104: investigated: false @@ -100,10 +318,252 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: PRM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: ProSafe-RS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: ProSafe-RS Lite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: STARDOM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: VTSPortal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YSoft + product: SAFEQ 4 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <=6.0.63 + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -119,5 +579,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-02-01T07:18:50+00:00' ... diff --git a/data/cisagov_Z.yml b/data/cisagov_Z.yml index 5a92727..9cc36a6 100644 --- a/data/cisagov_Z.yml +++ b/data/cisagov_Z.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ZAMMAD product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zaproxy product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zebra product: '' cves: @@ -119,7 +119,193 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Zeiss + product: Cataract Suite + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: EQ Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.6, 1.8 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: FORUM + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.2.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Glaucoma Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.5.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Laser Treatment Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Retina Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.5.x, 2.6.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' - vendor: Zendesk product: All Products cves: @@ -180,7 +366,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zentera Systems, Inc. product: CoIP Access Platform cves: @@ -212,34 +398,137 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Zerto - product: '' + product: Cloud Appliance cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Cloud Manager + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' vendor_links: - https://help.zerto.com/kb/000004822 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Manager + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Replication Appliance + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' - vendor: Zesty product: '' cves: @@ -268,7 +557,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zimbra product: '' cves: @@ -297,7 +586,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zix product: '' cves: @@ -327,35 +616,72 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Zoom - product: '' + - vendor: Zoho + product: Online cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zoho.com/portal/en/community/topic/update-on-the-recent-apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zoom + product: '' + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' vendor_links: - https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ZPE systems Inc product: '' cves: @@ -384,7 +710,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zscaler product: See Link (Multiple Products) cves: @@ -442,15 +768,82 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zyxel - product: Security Firewall/Gateways + product: All other products cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Netlas Element Management System (EMS) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: Hotfix availibility Dec. 20 2021. Patch availability in end of Feb. 2022. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Security Firewall/Gateways + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] @@ -459,15 +852,17 @@ software: - ZLD Firmware Security Services - Nebula cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability notes: ''